Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.3
Note

NOTE: Ubisecure product names were unified in autumn 2011. All products which started with term "Ubilogin" were renamed to start with term "Ubisecure". In documentation this name change is implemented retroactively, i.e., the new naming practice is used also when referring to old software versions which started with term "Ubilogin" at the time of their release.

About This Documentation

This documentation describes the purpose, installation and configuration of Ubisecure Windows Authentication Provider. 

The Ubisecure Windows Authentication Provider is a Ubisecure software component which provides the Windows Single Sign-On authentication method for Ubisecure Server. This authentication method is based on Integrated Windows authentication protocol which is available in modern web browsers. The Integrated Windows authentication protocol allows AD domain users to authenticate to Microsoft IIS web servers with their existing workstation logon credentials, without entering a username and password. The Kerberos v5 protocol is extended for Web applications.

Windows Integrated Authentication is sometimes referred to as Automatic NTLM HTTP authentication or Windows SPNEGO Authentication. More information can be found in IETF RFC4559.

Ubisecure Windows Authentication Provider

The Ubisecure Windows Authentication Provider is a Ubisecure software component which provides the Windows Single Sign-On authentication method for Ubisecure Server. This authentication method is based on Integrated Windows authentication protocol which is available with the Internet Explorer, Mozilla Firefox (see chapter 9.5) and Google Chrome (5.0.375 or newer) browsers. On a Windows 2003 domain the authentication protocol is based on the Kerberos protocol. 
The Integrated Windows Authentication protocol enables the users to authenticate to Microsoft IIS web servers with their existing workstation logon credentials, without entering a username and password. The protocol is only enabled for Intranet use because this authentication protocol requires that the web server and the user's workstation are members of the same Windows domain.
Ubisecure implements the Integrated Windows authentication protocol as an Authentication Provider (later in this document: Windows AP). This enables very flexible installations. Ubisecure Authentication Server may be installed on a server that is not on a Windows domain or that is not running the Microsoft IIS web server.
Ubisecure also enables web applications running on non-Microsoft platforms to benefit from the ease of use of the Integrated Windows authentication protocol.
A sequence diagram of the login process is shown in Chapter 12.


Insert excerpt
Certificate Authentication Provider - SSO
Certificate Authentication Provider - SSO