Configure LiveCompare to use single sign-on
Single sign-on allows each user to be logged in to LiveCompare automatically using their Windows account, provided that a LiveCompare account has been created with a matching username.
Configuring LiveCompare to single sign-on involves the following steps. Before you begin, LiveCompare must be configured to run using HTTPS/SSL as described here.
Configure LiveCompare to use single sign-on
- Log in to LiveCompare as a user with Administrator privileges and click to go to the LiveCompare studio.
- Select the Administration > Configuration > Security folder in the LiveCompare hierarchy.
- Set the Single SignOn field to X, and click ‘Save’.
- Stop the RNSERVER service, first checking that no users are currently logged in to LiveCompare and that no workflows are currently running.
- On the LiveCompare server, remove the WebMatrix.*.dll files from the <LiveCompare install dir>\web\apps\bin directory.
Configure the LiveCompare Studio web application to use single sign-on (except for reports)
- Open IIS Manager on the LiveCompare server and navigate to the livecompare/studio application.
- In the IIS section, double-click the Authentication icon.
- Disable Anonymous Authentication and enable Windows Authentication.
- Select Windows Authentication in the Authentication pane and choose ‘Providers…’ from the context menu.
- In the Providers dialog, ensure that NTLM is listed before Negotiate.
- In IIS Manager, navigate to the livecompare/reports folder and double-click the Authentication icon.
- Disable Windows Authentication and enable Anonymous Authentication.
Configure the LiveCompare Studio web application to connect as the LiveCompare service account instead of using pass-through authentication
- In IIS Manager on the LiveCompare server, navigate to the livecompare/studio application.
- Select Basic Settings in the Actions panel, and ensure that the Physical path entry specifies ‘Pass-through authentication’.
- Click ‘Connect as…’.
- In the Connect As dialog, select ‘Specific user’. Click ‘Set’ and enter the user name and password for the LiveCompare service account.
- Click ‘OK’ to close the Connect As and Edit Application dialogs, saving your settings.
Verify the configuration of the LiveCompare Studio application
- In IIS Manager on the LiveCompare server, navigate to the livecompare/studio application.
- In the Management section, double-click the Configuration Editor icon.
- In the Section list box:
- Select system.web/authentication, and ensure that the mode is set to Windows.
- Select system.web/authorization, and click ‘…’ in the Features View. Ensure that the Collection Editor dialog is set to allow all users.
- Select system.web/identity and ensure it is using the LiveCompare service account and password.
Restart IIS
On the LiveCompare server, run ‘iisreset’ from a command window to restart IIS.
Log in to LiveCompare
To log in to LiveCompare as an LDAP user, enter your LDAP username and password in the Windows Security dialog and then click ‘OK’.
To log in to LiveCompare as a user with administrator privileges, log in as an LDAP user first, and then log out. Click ‘Login as another user’, enter the administrator’s username and password, and then click ‘Login’.
Additional steps
- If your SSL certificate is self-signed, you may need to use the Microsoft Management Console and the Certificates snap-in to add the SSL certificate to the Trusted Root Certification Authorities list.
- If a Windows security dialog appears when accessing the LiveCompare web site, you may need to configure your browser and add the LiveCompare web server to the ‘Local intranet’ or ‘Trusted sites’ zone.