WINAP installation checklist - SSO
User account with Domain Administrator with minimum rights For Windows 2008 Server R2 For Windows 2013 Server R2 It is recommended to install the Windows Authentication Provider on a web site that has SSL/TLS enabled. SSL provides a further level of data protection. Failure to use SSL may cause end-user warnings as the authentication process switches from HTTPS to HTTP. Due to Kerberos protocol restraints the connection between end-user and Windows authentication provider should not be proxied. Such configurations are not supported. Installation and configuration of the Windows Authentication Provider is performed in the order according to the table below. Instructions are provided in the other pages in the page tree under Windows Authentication Provider branch. No. Task 1 Ensure all system requirements are met. 2 Ensure IIS works currently for serving simple pages. 3 Install and configure the Authentication Method on Ubisecure Authentication Server. 4 Install Windows Authentication Provider using the .msi installer package 5 Copy the Agents.xml file generated on the Ubisecure Authentication Server to the Windows Authentication Provider host. 6 Confirm Windows Authentication Provider installation success by accessing the test page. No password should be requested and current user information should be displayed as a web page. 7 Confirm Windows Authentication Provider installation by accessing a test or existing application protected by an Ubisecure Application or SAML SP. 8 Confirm that web.config is correctly configured. Attempts to access resources that require authentication should be redirected to the IDP for authentication. Review Event Viewer for possible warnings or errors. 9 Using Ubisecure Management,configure Authorization Policy and group memberships appropriately for the application. Enable the Authentication method for all sites and applications that requires its use. 10 Enable and adjust logging of Windows Authentication Provider for production use, if required. 11 Disable test page for production use, if desired. 11 Update browser settings of the user community if required (eg Firefox settings) 12 Perform security auditSystem Requirements
The IIS server must be on the same domain as the users.Required Files
Windows Installer package for Windows Authentication Provider
Configuration file created by the Ubisecure Authentication Server administratorInstallation Steps