
SSO (Single Sign On) using IIS Integrated Windows Authentication


Overview of Integrated Windows Authentication

Integrated Windows Authentication (IWA) is a mechanism that automatically provides user authentication information to IIS when IIS and the user are logged in to the same domain. When you create a site with ASP.NET C#, you can determine whether a user has been authenticated and obtain information about authenticated users.

This allows users to access web applications hosted on (or integrated with) IIS without any additional login steps and enables SSO integration with other application servers.

*If a user who is not part of the same domain, or who is unauthenticated, accesses the IIS page, a sign-in dialog will be displayed. If authentication is not performed correctly, HTTP Error 401.1 – Unauthorized will be displayed.

SSO (Single Sign On) Flow

The Chat&Messenger On-Premise Ultimate plan allows SSO via Integrated Windows Authentication. The SSO flow is as follows:

  1. The client first accesses the page /cam-iissso, which is protected by Integrated Windows Authentication.
  2. On the /cam-iissso page, ASP.NET determines whether the user is authenticated and connects to the CAMServer.
  3. The CAMServer performs an LDAP search to confirm that the user is a valid AD user, generates an ssoToken (a unique random value of 30 bytes or more) and a URL to access the CAMServer, and sends a redirect request.
  4. Access the CAMServer and authenticate using the ssoToken. If authentication is successful, a session ID for API access will be assigned.

Requirements for achieving SSO

Installing IIS

Install IIS from the Server Roles.

When installing IIS, check the option "Windows Authentication."

After the IIS role installation is complete, install the ISAPI filter and ISAPI extension separately.

ISAPI Filter: Supports loading extension modules in IIS. Required to load AspNetCoreModuleV2.
ISAPI Extension: Adds ISAPI extensions to IIS. Required for AspNetCoreModuleV2 to work.

Start IIS Manager (iisreset).

Install ASP.NET Core Hosting Bundle

Please install the ASP.NET Core Hosting Bundle.

After installation, restart IIS and make sure AspNetCoreModuleV2 is present in Handler Mappings.

If you want to host ASP.NET Core applications in an IIS environment, simply install the ASP.NET Core Hosting Bundle, which will automatically install the following:

  - .NET Runtime
  - ASP.NET Core Runtime

Add application (cam-iissso)

Download the SSO module and copy it to C:\inetpub\wwwroot\cam-iissso
https://chat-messenger.com/dl/fdd94dd-022_f2aaac/cam-iissso.zip

Add the cam-iissso application to Default Web Site:
Alias: cam-iissso
Physical path: C:\inetpub\wwwroot\cam-iissso

Enable Windows Authentication

Right-click "Windows Authentication" and select "Enable."

If "Anonymous Authentication" is enabled, please disable it.
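
The installation and authentication steps above can also be applied and then verified from PowerShell. The script below is an added example, not part of the original page or of Chat&Messenger's own tooling; it assumes Windows Server with the ServerManager and WebAdministration modules, an elevated session, and the SSO module already extracted to the physical path given above.

```powershell
# Added example, not vendor code. Run elevated on the Windows Server hosting IIS,
# after cam-iissso.zip has been extracted to the physical path below.
Import-Module ServerManager
Import-Module WebAdministration

$site     = 'Default Web Site'
$alias    = 'cam-iissso'
$path     = 'C:\inetpub\wwwroot\cam-iissso'
$location = "$site/$alias"
$authRoot = 'system.webServer/security/authentication'

# IIS role plus the role services named in the installation step.
Install-WindowsFeature -Name Web-Server, Web-Windows-Auth, Web-ISAPI-Ext, Web-ISAPI-Filter | Out-Null

# Create the application only if it does not exist yet.
if (-not (Get-WebApplication -Site $site -Name $alias)) {
    New-WebApplication -Site $site -Name $alias -PhysicalPath $path | Out-Null
}

# Desired state for this application: Windows Authentication on, Anonymous off.
$desired = [ordered]@{
    windowsAuthentication   = $true
    anonymousAuthentication = $false
}
foreach ($name in $desired.Keys) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
        -Filter "$authRoot/$name" -Name enabled -Value $desired[$name]
}

# Read the effective values back so a locked or overridden section is noticed.
$problems = @()
foreach ($name in $desired.Keys) {
    $actual = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
        -Filter "$authRoot/$name" -Name enabled).Value
    if ($actual -ne $desired[$name]) {
        $problems += "$name is $actual, expected $($desired[$name])"
    }
}

# The Hosting Bundle registers AspNetCoreModuleV2 with IIS; the page requires it.
if (-not (Get-WebGlobalModule -Name 'AspNetCoreModuleV2')) {
    $problems += 'AspNetCoreModuleV2 is not registered (install the ASP.NET Core Hosting Bundle)'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "${location}: Windows Authentication enabled, Anonymous Authentication disabled"
```

The read-back step matters most for Anonymous Authentication: if it stays enabled on the application, requests to /cam-iissso are not forced through Windows Authentication.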

Internet Options Settings

Add the site served by IIS to the Intranet Zone

Select Internet Options, click the "Security" tab, and select "Local intranet." Click the "Sites" button, select "Advanced Settings," and add the URL of the site.

Check for automatic logon

Click "Custom Level" and make sure that "Automatic logon in Intranet zone" is selected under "User Authentication" -> "Logon".

This setting is required on all C&M user client terminals, but it can be centrally managed using the Group Policy Management Console.

LDAP Settings

If you want to use IIS for single sign-on, LDAP Settings (LDAPUrl, LDAPBaseDN, AD user to perform proxy authentication) are required.

Cannot be used in HTTP proxy connection environment

Please note that SSO is not available in HTTP proxy environments.
