WINAP installation checklist - SSO

System Requirements

  • Ubisecure Server 5.0 or later
  • Active Directory running in Windows 2003 Mode or greater
  • Microsoft .NET Framework Version 2.0
  • User account with Domain Administrator with minimum rights 

For Windows 2008 Server R2

  • Microsoft IIS 7.5

For Windows 2013 Server R2

  • Microsoft IIS 8.5

It is recommended to install the Windows Authentication Provider on a web site that has SSL/TLS enabled. SSL provides a further level of data protection. Failure to use SSL may cause end-user warnings as the authentication process switches from HTTPS to HTTP. 
The IIS server must be on the same domain as the users.

Due to Kerberos protocol constraints, the connection between the end user and the Windows Authentication Provider should not be proxied. Such configurations are not supported.
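The requirements above can be checked on the IIS host before installation. The following PowerShell script is an added example, not part of the original checklist or the Ubisecure product; the site name 'Default Web Site' is an assumption and should be changed to the site that will host the provider.

```powershell
# Added example: preflight check for the system requirements listed above.
# Written for PowerShell 2.0 so it also runs on Windows Server 2008 R2.
$SiteName = 'Default Web Site'   # assumption: IIS site that will host the provider

$results = @()
function Add-Check($name, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $name; Pass = [bool]$ok; Detail = $detail
    }
}

# The IIS server must be a domain member. The domain name is reported so it
# can be compared by hand with the domain of the user accounts.
$cs = Get-WmiObject Win32_ComputerSystem
Add-Check 'Domain membership' $cs.PartOfDomain $cs.Domain

# .NET Framework 2.0: registry marker written by the 2.0 installer.
$netKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727'
$net = Get-ItemProperty $netKey -ErrorAction SilentlyContinue
Add-Check '.NET Framework 2.0' ($net -and $net.Install -eq 1) $net.Version

# IIS version: 7.5 or 8.5, as listed in the requirements.
$iis = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction SilentlyContinue
$ver = if ($iis) { '{0}.{1}' -f $iis.MajorVersion, $iis.MinorVersion } else { 'not installed' }
Add-Check 'IIS 7.5 or 8.5' (@('7.5', '8.5') -contains $ver) $ver

# SSL/TLS: the target site should have at least one HTTPS binding.
Import-Module WebAdministration -ErrorAction SilentlyContinue
$https = @()
if (Get-Command Get-WebBinding -ErrorAction SilentlyContinue) {
    $https = @(Get-WebBinding -Name $SiteName -Protocol https)
}
$bindings = ($https | ForEach-Object { $_.bindingInformation }) -join ', '
Add-Check "HTTPS binding on '$SiteName'" ($https.Count -gt 0) $bindings

$results | Format-Table Check, Pass, Detail -AutoSize

# A non-zero exit code lets a deployment script stop before running the installer.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

The script does not detect a proxy between end users and the provider; that part of the requirements has to be confirmed from the network design.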

Required Files

  • uapsso.msi 
    Windows Installer package for Windows Authentication Provider
  • agents.xml 
    Configuration file created by the Ubisecure Authentication Server administrator

Installation Steps

Installation and configuration of the Windows Authentication Provider is performed in the order given in the table below. Instructions are provided in the other pages of the page tree under the Windows Authentication Provider branch.

No.  Task
1    Ensure all system requirements are met.
2    Ensure IIS currently works for serving simple pages.
3    Install and configure the Authentication Method on Ubisecure Authentication Server.
4    Install Windows Authentication Provider using the .msi installer package.
5    Copy the Agents.xml file generated on the Ubisecure Authentication Server to the Windows Authentication Provider host.
6    Confirm Windows Authentication Provider installation success by accessing the test page. No password should be requested and current user information should be displayed as a web page.
7    Confirm Windows Authentication Provider installation by accessing a test or existing application protected by an Ubisecure Application or SAML SP.
8    Confirm that web.config is correctly configured. Attempts to access resources that require authentication should be redirected to the IDP for authentication. Review Event Viewer for possible warnings or errors.
9    Using Ubisecure Management, configure Authorization Policy and group memberships appropriately for the application. Enable the Authentication method for all sites and applications that require its use.
10   Enable and adjust logging of Windows Authentication Provider for production use, if required.
11   Disable test page for production use, if desired.
11   Update browser settings of the user community if required (e.g. Firefox settings).
12   Perform security audit.