Single sign on across multiple SSL IIS 6.0 servers
| steve h 2005-02-04, 6:00 pm |
| We have a situation in which we have 3 IIS 6.0 servers. Each has its own IP
and SSL cert. 1 is on a box and the other 2 are virtual servers on a second
box. Whenever a person goes between these addresses in a new browser
session they get challenged for their credentials. We would like to provide a
single sign on experience if possible. Anyone know how?
Thanks
| |
| Ken Schaefer 2005-02-05, 2:47 am |
| Without using something like Federated Identity Management, I don't think
this is possible.
As far as the browser is concerned, these are three different sites with no
real relationship to each other. Why should the browser automatically send
the user's credentials to the second site? Especially if the authentication
type is Basic (which means that the user's username/password is sent in
clear text, and can thus be read by any malicious operator of "site 2")?
You can configure IE to "auto logon" to sites - however you need to meet all
the requirements in this page:
http://support.microsoft.com/?id=258063
Other browsers generally don't support this functionality.
Otherwise, you need to look at FIM-type SSO solutions...
Cheers
Ken
| |
| Konrad 2005-02-11, 7:59 am |
| Hi,
a single sign on experience is possible when all your applications are
within the same internet domain (for example: app1.yourdomain.com and
app2.yourdomain.com). The key is to develop an ISAPI filter or a .NET
HttpModule that inspects every request for a cookie value that is
issued by a logon page using a cookie domain like ".yourdomain.com".
The cookie domain causes browsers to transport the cookie to all your
sites within *.yourdomain.com.
For details, see the principle here: http://www.kp-it.de. This is a
tool my company offers to deal with web single-sign-on scenarios.
Konrad
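
A minimal sketch of the shared-domain cookie approach described in Konrad's post, added here as an example and not taken from the thread or from his product: the logon page issues an HMAC-signed ticket scoped to `.yourdomain.com`, and the per-request check (the job of the ISAPI filter or HttpModule) verifies it before trusting the user name. The cookie name, ticket layout, lifetime and shared key are assumptions, and Python is used only to show the logic.

```python
import base64
import hashlib
import hmac
import time

# Assumed for illustration (not from the thread): cookie name, ticket layout,
# lifetime, and a secret key shared by the logon page and every site's filter.
COOKIE_NAME = "sso_ticket"
COOKIE_DOMAIN = ".yourdomain.com"  # sent to every host under yourdomain.com
LIFETIME = 8 * 3600                # seconds

def _mac(key: bytes, payload: str) -> bytes:
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest)

def issue_cookie(key: bytes, user: str, now=None) -> str:
    """Logon page: Set-Cookie value to send after a successful login."""
    expires = int(time.time() if now is None else now) + LIFETIME
    payload = base64.urlsafe_b64encode(f"{user}|{expires}".encode()).decode()
    ticket = f"{payload}.{_mac(key, payload).decode()}"
    # Secure keeps the ticket off plain HTTP; HttpOnly hides it from script.
    return (f"{COOKIE_NAME}={ticket}; Domain={COOKIE_DOMAIN}; Path=/; "
            "Secure; HttpOnly")

def check_request(key: bytes, cookie_header: str, now=None):
    """Per-request filter: return the user name, or None to force a logon."""
    now = int(time.time() if now is None else now)
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name != COOKIE_NAME:
            continue
        payload, _, sig = value.partition(".")
        # Verify the MAC in constant time before trusting any field.
        if not hmac.compare_digest(sig.encode(), _mac(key, payload)):
            return None
        try:
            user, expires = base64.urlsafe_b64decode(payload).decode().rsplit("|", 1)
            return user if int(expires) > now else None
        except ValueError:
            return None
    return None
```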