Configuring LiveCompare to Use Single Sign-on

Single sign-on allows each user to be logged in to LiveCompare automatically using their Windows account, provided that a LiveCompare account has been created with a matching user name.

Configuring LiveCompare to single sign-on involves the following steps. Before you begin, LiveCompare must be configured to run using HTTPS/SSL as described here.

Configure LiveCompare to Use Single Sign-on

  1. Log in to LiveCompare as an Administrator and select the Administration > Configuration > Security folder in the LiveCompare hierarchy.
  2. Set the Single SignOn field to X, and click ‘Save’.
  3. Stop the RNSERVER service, first checking that no users are currently logged in to LiveCompare and that no workflows are currently running.
  4. On the LiveCompare server, remove the WebMatrix.*.dll files from the <LiveCompare install dir>\web\apps\bin directory.

Configure the LiveCompare Web Application to Use Single Sign-on (Except for Reports)

  1. Open IIS Manager on the LiveCompare server and navigate to the LiveCompare site.
  2. In the IIS section, double-click the Authentication icon.
  3. Disable Anonymous Authentication and Enable Windows Authentication.
  4. Select Windows Authentication in the Authentication pane and choose ‘Providers…’ from the context menu.
  5. In the Providers dialog, ensure that NTLM is listed before Negotiate.
  6. In IIS Manager, navigate to the <LiveCompare user data dir>public\Reports folder and double-click the Authentication icon.
  7. Disable Windows Authentication and enable Anonymous Authentication.

Configure the LiveCompare Web Application to Connect as the LiveCompare Service Account Instead of Using Pass-through Authentication

  1. Open IIS Manager on the LiveCompare server and navigate to the LiveCompare site.
  2. Select Basic Settings in the Actions panel, and ensure that the Physical path entry specifies ‘Pass-through authentication’.
  3. Click ‘Connect as…’.
  4. In the Connect As dialog, select ‘Specific user’. Click ‘Set’ and enter the user name and password for the LiveCompare service account.
  5. Click ‘OK’ to close the Connect As and Edit Application dialogs, saving your settings.

Verify the Configuration of the LiveCompare Application

  1. Open IIS Manager on the LiveCompare server and navigate to the LiveCompare site.
  2. In the Management section, double-click the Configuration Editor icon.
  3. In the Section list box:
    1. Select system.web/authentication, and ensure that the mode is set to Windows.
    2. Select system.web/authorization, and click ‘…’ in the Features View. Ensure that the Collection Editor dialog is set to allow all users.
    3. Select system.web/identity and ensure it is using the LiveCompare service account and password.

Restart IIS

  1. On the LiveCompare server, use the ‘iisreset’ command to restart IIS.

Additional Steps

  1. If your SSL certificate is self-signed, you may need to use the Microsoft Management Console and the Certificates snap-in to add the SSL certificate to the Trusted Root Certification Authorities list.
  2. If a Windows security dialog appears when accessing the LiveCompare web site, you may need to configure your browser and add the LiveCompare web server to the ‘Local intranet’ or ‘Trusted sites’ zone.

Configuring LiveCompare to Run Using HTTPS/SSL