Configuring Single-Sign-On (SSO) for Internet Information Server (IIS) 8.x and CA Service Desk Manager (CA SDM) 17.3
search cancel

Configuring Single-Sign-On (SSO) for Internet Information Server (IIS) 8.x and CA Service Desk Manager (CA SDM) 17.3

book

Article ID: 48399

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

Configuring Single-Sign-On (SSO) for Internet Information Server (IIS) 8.x and CA Service Desk Manager (CA SDM) 17.3 using NTLM Authentication

Environment

CA Service Desk Manager 17.3
IIS 8.0, IIS 8.5
All Supported Windows Operating Systems

Resolution

Following steps will illustrate how to configure Single-Sign-On (SSO) for Internet Information Server (IIS) 8.0 and CA Service Desk Manager (CA SDM) r12.9 / 14.1 /17.x


1.  In order to enable SSO IIS within CA SDM, the following modification needs to be done at the CA SDM Access Type level.
Figure 1

  • Log into CA SDM as an Administrator and navigate to ADMINISTRATION -> SECURITY AND ROLE MANAGEMENT -> ACCESS TYPES
  • Select the ADMINISTRATION ACCESS TYPE - the Administration Access Type Detail screen will appear
  • Modify the "Allow External Authentication" option to YES. If you require any other CA SDM Access type (i.e. Employee) to have SSO, you will need to make the same change to its Access Type configuration as shown in Figure 1.

2.  Proceed to make the necessary modifications to the IIS 8.0 web server.

  • IIS 8.0 has been installed on the server where CA SDM is installed
  • CA SDM has been successfully configured to use IIS 8.0

Pre-requisites:

1.  Open the IIS Manager from the Administrative Tools menu as shown in Figure 2.

Figure 2


2.  In the left hand pane, expand the HOSTNAME NODE, where "hostname" is the name of the Windows 2012 server. Expand the SITES node. Expand the DEFAULT WEB SITE node. Click on the CAisd node to display the CAisd Home Page as shown in Figure 3.

Figure 3


3.  Double click on AUTHENTICATION to display the Authentication settings as shown in Figure 4.

Figure 4

 
4.  Ensure that the ANONYMOUS AUTHENTICATION option is set to DISABLED and the WINDOWS AUTHENTICATION option is set to ENABLED as shown in Figure 5.

Figure 5


5.  Click on DEFAULT WEB SITE. Double click on AUTHENTICATION to display the Authentication settings.

6.  Ensure that WINDOWS AUTHENTICATION is set to ENABLED as shown in Figure 6. (See Additional Information if you do not see Windows Authentication here)

Figure 6

  7.  Click on the HOSTNAME NODE, right-click and select STOP and then START to restart IIS to apply the changes as shown in Figure 7.

Figure 7

 

8.  Launch the CA SDM web interface and login using an access type configured for SSO in Step #1 above.

Additional Information

In the event that IIS is missing Windows Authentication, please enable it by doing the following:
  • Go to Control Panel -> Programs and Features -> Turn windows features on or off.  This will bring up the "Add Roles and Features Wizard".

  • Access "Server Roles", drill down into Web Server (IIS) and check "Windows Authentication".

For corresponding instructions to run SSO (Single Sign On) in Tomcat, please view:
How to Enable NTLM Authentication for CA SDM Tomcat Using WAFFLE

Single Sign On relies on NTLM based Windows Authentication being enabled in your browser.  This is a setting that is usually active automatically in Internet Explorer.  For information on this setting as it applies to Chrome and Firefox, please see:
Configuring Chrome and Firefox for Windows Integrated Authentication
Powered by Wolken Software