Single Sign on

This thread is closed to new posts. You must sign in to post in the forums.
12/3/2010 9:09:01 AM
Total Posts 154

Single Sign on

I created a Mojo Intranet site that has AD integration. Is there any way I can configure single sign on so Mojo will use their domain credentials instead of having to manually enter them?

Thanks,

Dave

12/3/2010 9:28:59 AM
Total Posts 18439

Re: Single Sign on

If your users all use IE, you could potentially use Windows Authentication. Other browsers generally won't support this, though I think there is a Firefox extension to support it, but it would have to be installed on the client machines that use FF.

With Windows Authentication IE should automatically pass in the user's domain credentials as long as the user is signed into the domain and the web server is also a domain member.

Hope it helps,

Joe

12/3/2010 9:53:33 AM
Total Posts 154

Re: Single Sign on

I went into the default website, under the directory security tab, under authentication and access control, and both enable anonymous access and integrated windows authentication are checked.  I applied this setting to the Mojo virtual directory.  Am I missing something?  The user can view the page without entering credentials but they still need to sign in to Mojo itself. 

 

 

12/3/2010 10:32:13 AM
Total Posts 18439

Re: Single Sign on

Read the doc I linked to thoroughly, that is all the information I know about using Windows Auth. Make sure you update your web.config as indicated.

12/3/2010 10:40:24 AM
Total Posts 154

Re: Single Sign on

Doh!  I didn't even realize it was a link to a doc.

12/3/2010 11:16:07 AM
Total Posts 154

Re: Single Sign on

Ok it seems to be working.  It is using domain\username for the username and it isn't filling in their E-Mail address automatically.  Is this normal? 

12/3/2010 11:47:14 AM
Total Posts 18439

Re: Single Sign on

Yeah, it doesn't have a way to know the user's email address. We could possibly make an assumption there that the email is user@domain.com, but that would likely be a false assumption in many cases.

I'll look into making a config option that could enable you to confirm the assumption and make it do that.

Best,

Joe

12/3/2010 11:52:27 AM
Total Posts 154

Re: Single Sign on

Maybe you could configure an assumption based on a specified template. In our environment our E-Mail convention is firstname.lastname@domain.com. Another common one would be firstnamelastinitial@domain.com. That template would work for every user in our domain.

12/3/2010 11:58:37 AM
Total Posts 18439

Re: Single Sign on

There is no way I can make it perfect, if you use more than one scheme for your own users then no matter what I do it will guess wrong for some users.

Here is what I'm implementing for the next version:

private string GuessEmailAddress(string userName)
{
    if (WebConfigSettings.GuessEmailForWindowsAuth)
    {
        if (userName.Contains("/"))
        {
            string domain = userName.Substring(0, userName.IndexOf("/"));
            string user = userName.Replace(domain, string.Empty).Replace("/", string.Empty);
            return user + "@" + domain + WebConfigSettings.WindowsAuthDomainExtension;
        }
    }

    return string.Empty;
}

Where WindowsAuthDomainExtension will default to .com.

Best thing to do would be to tell users they need to update their email address under My Account the first time they use the site.

Best,

Joe

 

12/3/2010 1:32:43 PM
Total Posts 154

Re: Single Sign on

That sounds great Joe!  It's behaving kinda strange.  The SSO works perfectly when I go to http://servername but when I browse to http://servername.domain.com it always asks for the logon.  Any ideas? 

12/3/2010 10:07:09 PM
Total Posts 2239

Re: Single Sign on

Hey Joe,

Just reviewing this thread and I noticed you may be using the wrong slash in your code. You're using a forward slash (/) for the domain separator but a backslash (\) should be used.

Thanks,
Joe D.
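
An added example, not part of the thread and not mojoPortal's code: the name split that the comment above is about, done on the backslash and by position, so that a user name containing the domain text is not altered the way Replace would alter it. The `enabled` and `domainExtension` parameters are assumed stand-ins for the WebConfigSettings values in the posted method, and the sample names are constructed.

```csharp
using System;

// Added illustration; not mojoPortal source. The "enabled" and "domainExtension"
// parameters are assumed stand-ins for the WebConfigSettings values in the post.
public static class WindowsAuthEmailGuess
{
    public static string GuessEmailAddress(string userName, bool enabled, string domainExtension)
    {
        if (!enabled || string.IsNullOrEmpty(userName)) { return string.Empty; }

        // Windows Authentication reports the identity as DOMAIN\user (backslash).
        int sep = userName.IndexOf('\\');

        // No separator, empty domain ("\user") or empty user ("DOMAIN\"): no guess.
        if (sep <= 0 || sep == userName.Length - 1) { return string.Empty; }

        string domain = userName.Substring(0, sep);
        // Take the remainder by position. Replace(domain, "") would also strip
        // the domain text from inside the user name ("ad\adam" would become "am").
        string user = userName.Substring(sep + 1);

        // A second backslash means the input is not a plain DOMAIN\user name.
        if (user.IndexOf('\\') >= 0) { return string.Empty; }

        return user + "@" + domain + domainExtension;
    }

    public static void Main()
    {
        // Constructed sample names, not taken from the thread.
        string[] samples = { @"CORP\dave", @"ad\adam", "CORP/dave", @"CORP\", "dave" };
        foreach (string name in samples)
        {
            string guess = GuessEmailAddress(name, true, ".com");
            Console.WriteLine("{0,-10} -> {1}", name, guess.Length == 0 ? "(no guess)" : guess);
        }
    }
}
```

The returned address is only a guess derived from the logon name, so the advice earlier in the thread that users update their email under My Account still applies.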
