IIS Web servers / SSL / Single Sign-On

TheMSsForum.com: The Microsoft Software Forum

Hi,

we have three servers (one with an dedicated Active Directory, one with
Windows Sharepoint Services + SQL 2005 and the last with Reporting
Services). The Windows Sharepoint Services is published on the Internet with
the URL https://portal.customer.org (the certifiate used comes from a root
authority installed on the dedicated domain controller). The homepage on the
Windows Sharepoint Services is composed of several webpart and especially
the reporting services webpart. As this webpart is displayed through an
IFRAME, we had to publish the reporting services web server on the internet
too (so we have https://bi.customer.org). The result is not very good as
when a customer is accessing the Windows Sharepoint Services, he has to
authentificate two times (one time for the https://portal.customer.org and
another time for getting access to https://bi.customer.org). We added both
sites on the trusted sites zone but he has no effect. Of course, we didn't
had this problem when reporting services was installed with Windows
Sharepoint Services on the same server (as /Reports and /ReportServer was
accessed by https://portal.customer.org). However, we had to split the
services on two separate servers because we had some performances during the
cubes processing.

Is there a solution to bypass the second authentication request ? As we are
authenticated on the first server (https://portal.customer.org, why the
information is not returned to the second server (https://bi.customer.org)
as both servers are using the same Active Directory ? Is this because we are
using SSL (this could be a security feature to block the "automatic login
with current username and password" option in Internet Explorer when
browsing SSL web sites).

Very thanks for your answers.

Thierry
Top

Re: IIS Web servers / SSL / Single Sign-On by OakTree8

OakTree8
Thu Jun 28 07:03:39 CDT 2007

On Jun 28, 7:07 am, "Thierry F." <tfra...@msftlabNOSPAM.info> wrote:
> Hi,
>
> we have three servers (one with an dedicated Active Directory, one with
> Windows Sharepoint Services + SQL 2005 and the last with Reporting
> Services). The Windows Sharepoint Services is published on the Internet with
> the URLhttps://portal.customer.org(the certifiate used comes from a root
> authority installed on the dedicated domain controller). The homepage on the
> Windows Sharepoint Services is composed of several webpart and especially
> the reporting services webpart. As this webpart is displayed through an
> IFRAME, we had to publish the reporting services web server on the internet
> too (so we havehttps://bi.customer.org). The result is not very good as
> when a customer is accessing the Windows Sharepoint Services, he has to
> authentificate two times (one time for thehttps://portal.customer.organd
> another time for getting access tohttps://bi.customer.org). We added both
> sites on the trusted sites zone but he has no effect. Of course, we didn't
> had this problem when reporting services was installed with Windows
> Sharepoint Services on the same server (as /Reports and /ReportServer was
> accessed byhttps://portal.customer.org). However, we had to split the
> services on two separate servers because we had some performances during the
> cubes processing.
>
> Is there a solution to bypass the second authentication request ? As we are
> authenticated on the first server (https://portal.customer.org, why the
> information is not returned to the second server (https://bi.customer.org)
> as both servers are using the same Active Directory ? Is this because we are
> using SSL (this could be a security feature to block the "automatic login
> with current username and password" option in Internet Explorer when
> browsing SSL web sites).
>
> Very thanks for your answers.
>
> Thierry

Try going into your IIS manager and properties on your sharepoint - 80
default site, directory security, and edit your security settings.
Between playing with allow anonymous access, and the check marks for
integrated windows security, digest authentication, and basic
authentication, you should be able to allow passthrough. I dont
know exactly what settings will do it but through trial and experiment
with each and combinations of each it may work.

Top

Re: IIS Web servers / SSL / Single Sign-On by Thierry

Thierry
Thu Jun 28 07:24:19 CDT 2007

Thanks. I'll check this asap.

"OakTree8" <clearvisionhr@gmail.com> wrote in message
news:1183032219.737125.59170@w5g2000hsg.googlegroups.com...
> On Jun 28, 7:07 am, "Thierry F." <tfra...@msftlabNOSPAM.info> wrote:
>> Hi,
>>
>> we have three servers (one with an dedicated Active Directory, one with
>> Windows Sharepoint Services + SQL 2005 and the last with Reporting
>> Services). The Windows Sharepoint Services is published on the Internet
>> with
>> the URLhttps://portal.customer.org(the certifiate used comes from a root
>> authority installed on the dedicated domain controller). The homepage on
>> the
>> Windows Sharepoint Services is composed of several webpart and especially
>> the reporting services webpart. As this webpart is displayed through an
>> IFRAME, we had to publish the reporting services web server on the
>> internet
>> too (so we havehttps://bi.customer.org). The result is not very good as
>> when a customer is accessing the Windows Sharepoint Services, he has to
>> authentificate two times (one time for thehttps://portal.customer.organd
>> another time for getting access tohttps://bi.customer.org). We added both
>> sites on the trusted sites zone but he has no effect. Of course, we
>> didn't
>> had this problem when reporting services was installed with Windows
>> Sharepoint Services on the same server (as /Reports and /ReportServer was
>> accessed byhttps://portal.customer.org). However, we had to split the
>> services on two separate servers because we had some performances during
>> the
>> cubes processing.
>>
>> Is there a solution to bypass the second authentication request ? As we
>> are
>> authenticated on the first server (https://portal.customer.org, why the
>> information is not returned to the second server
>> (https://bi.customer.org)
>> as both servers are using the same Active Directory ? Is this because we
>> are
>> using SSL (this could be a security feature to block the "automatic login
>> with current username and password" option in Internet Explorer when
>> browsing SSL web sites).
>>
>> Very thanks for your answers.
>>
>> Thierry
>
> Try going into your IIS manager and properties on your sharepoint - 80
> default site, directory security, and edit your security settings.
> Between playing with allow anonymous access, and the check marks for
> integrated windows security, digest authentication, and basic
> authentication, you should be able to allow passthrough. I dont
> know exactly what settings will do it but through trial and experiment
> with each and combinations of each it may work.
>
Top