Single Sign On Browser Configurations

book

Article ID: 204261

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager

Issue/Introduction

This article discusses the necessary browser level configurations required for Single Sign On (SSO or Pass Thru Authentication) to function for the Service Desk application.

Environment

Release : 17.1 and higher

Component : SERVICE DESK MANAGER

Resolution

Single Sign On is a functionality that involves configuring NTLM or Kerberos based authentication.  Most web browsers by default do not have this functionality enabled.  Along with configuring Single Sign On for the given Service Desk implementation, one must also configure the browsers.

Firefox:

  1. Access Firefox.  In the address bar, enter "about:config".
  2. You will see a warning about making changes to your browser config.  Click the button labelled "Accept the Risk and Continue".
  3. Under the "Filter" bar, enter “network.automatic-ntlm-auth.trusted-uris”.
  4. For the given setting, add the SDM URL (ie:  http://SERVER/CAisd/pdmweb.exe)
  5. Additionally, search through just "ntlm" and go through any other settings necessary for your environment to allow NTLM based access

Internet Explorer, Chrome, and Edge (note:  These three browsers rely on the OS level internet settings)

  1. Open Windows Start Menu, search for "Internet Options".  Select "Internet Options".  You will see a window labeled "Internet Properties" present.
  2. Click on Security tab
  3. Click on Local Intranet or Trusted Sites (Your SDM Server's designation should be in either the Intranet or Trusted Sites Zone)
  4. Click "Custom level"
  5. Navigate to Scripting and enable Active scripting. 
  6. Navigate to User Authentication\Logon. 
  7. Select "Select Automatic logon with current user name and password" and click OK.
  8. Select the Advanced tab. 
  9. In the Settings list, navigate to the Security section. 
  10. Select Enable Integrated Windows Authentication and click OK. 

Additional Information

Information on configuring Single Sign On for IIS:
https://knowledge.broadcom.com/external/article?articleId=48399

Information on configuring Single Sign On for Tomcat (Waffle):
https://knowledge.broadcom.com/external/article?articleId=72484

The above instructions are accurate to the time of this document's writing on Dec, 2020.  One may find in future browser releases that the relevant settings have been moved or possibly disabled depending on browser design.  Please consult documentation related to your browser to determine current status of NTLM/Kerberos based authentication.

Some settings may also be locked out due to on-site security requirements.  You may need to consult with your local security to determine their policies and if any override/exceptions can be granted.