{"id":11454,"date":"2025-01-12T14:00:44","date_gmt":"2025-01-12T05:00:44","guid":{"rendered":"https:\/\/chat-messenger.com\/?p=11454"},"modified":"2026-03-12T10:42:36","modified_gmt":"2026-03-12T01:42:36","slug":"iis-sso","status":"publish","type":"post","link":"https:\/\/chat-messenger.com\/en\/manual\/camserver\/iis-sso","title":{"rendered":"SSO using IIS Integrated Windows Authentication"},"content":{"rendered":"

\u65b0\u3057\u304f\u5c0e\u5165\u3059\u308b\u74b0\u5883\u3067\u306f\u4ee5\u4e0b\u3092\u3054\u5229\u7528\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n

\t\t\t
\n\t\t\t\t
\n\t\t\t\t\tChat&Messenger for web conferencing<\/span>\n\t\t\t\t\t
\"\"<\/figure><\/div>\t\t\t\t\t
\n\t\t\t\t\t\t\u7d71\u5408Windows\u8a8d\u8a3c\u3067\u306eSSO | Web\u4f1a\u8b70\u306e Chat&Messenger<\/a>\n\t\t\t\t\t\t\u6982\u8981 Active Directory \u74b0\u5883\u3067\u306f\u3001\u7d71\u5408 Windows \u8a8d\u8a3c\uff08Kerberos\uff09 \u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u30e6\u30fc\u30b6\u30fc\u304c Windows \u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308b\u8a8d\u8a3c\u60c5\u5831\u3092\u305d\u306e\u307e\u307e\u5229\u7528\u3057\u3001C&M \u306b\u8ffd\u52a0\u30ed\u30b0\u30a4…<\/span>\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\n\n

Overview of Integrated Windows Authentication<\/h2>\n\n\n\n

Integrated Windows Authentication (IWA) is a mechanism that automatically provides user authentication information to IIS when IIS and the user are logged in to the same domain. When you create a site with ASP.NET C#, you can determine whether a user has been authenticated and obtain information about authenticated users.<\/p>\n\n\n\n

This allows users to access web applications hosted on (or integrated with) IIS without any additional login steps and enables SSO integration with other application servers. <\/p>\n\n\n\n

\n
\n

*If a user is not part of the same domain or is unauthenticated and accesses the IIS page, a sign-in dialing message will be displayed. If authentication is not performed correctly, an HTTP Error 401.1 \u2013 Unauthorized will be displayed.<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

SSO (Single Sign On) Flow<\/h2>\n\n\n\n

The Chat&Messenger On-Premise Ultimate plan allows SSO via Integrated Windows Authentication. The SSO flow is as follows:<\/p>\n\n\n\n

\n
\n
  1. The client first accesses the Integrated Windows Authenticated page \/cam-iissso.<\/li>
  2. On the \/cam-iissso page, ASP.NET determines whether the user is authenticated and connects to the CAMServer.<\/li>
  3. The CAMServer performs an LDAP search to confirm that the user is a valid AD user, generates an ssoToken (a unique random value of 30 bytes or more) and a URL to access the CAMServer, and sends a redirect request.<\/li>
  4. Access the CAMServer and authenticate using the ssoToken. If authentication is successful, a session ID for API access will be assigned.<\/li><\/ol>\n<\/div>\n\n\n\n
    \n
    \"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

    The user ID of the user who uses SSO must match the UserPrincipalName in Active Directory and be registered in Chat&Messenger in advance. UserPrincipalName is I want to get a list of Active Directory users and create a CSV.<\/a> Please also refer to the following.<\/p>\n\n\n\n

    Requirements for achieving SSO<\/h2>\n\n\n\n

    Join Windows Server to Domain<\/h3>\n\n\n\n

    Please join the Windows Server running CAMServer\/IIS to the Active Directory domain.<\/p>\n\n\n\n

    To check the domain to which an existing Windows Server is joined, go to "Server Manager" \u2192 click "Local Server" on the left menu \u2192 click "Computer Name" and refer to the Domain column.<\/p>\n\n\n\n

    In addition, IIS should coexist with CAMServer on the same server and run on port 80. If you place a LoadBalancer in front of CAMServer, CAMServer will run on port 8080, so IIS can also use port 443.<\/p>\n\n\n\n

    Installing IIS<\/h3>\n\n\n\n
    \n
    \n

    \u30b5\u30fc\u30d0\u306e\u5f79\u5272\u304b\u3089IIS\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u304f\u3060\u3055\u3044\u3002IIS\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u3001\u5f79\u5272\u30b5\u30fc\u30d3\u30b9\u306e\u9078\u629e\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u4ee5\u4e0b\u30c1\u30a7\u30c3\u30af\u3092\u884c\u3046\u3002<\/p>\n\n\n\n