Showing results for 
Search instead for 
Did you mean: 

SSO and Sharepoint

Regular Contributor

SSO and Sharepoint

i am running 6.5R1 on an SA4500 and now when my users connect to our sharepoint portal they are being prompted for their network passwords, i have tried almost every possible configuration and was told by jtac that sso would not function through WSAM, has anyone had any success with this or noticing the same issue? I have tried Basic Auth, NTLM with fallback to NTLM v1 on and off and am now on Kerberos with fallback to NTLM v2 checked using these settings


Re: SSO and Sharepoint

Hi Sonic.

I think there is some confusion in your post. First of all are you trying to access sharepoint in Core access (rewrite) or via WSAM.

Then, what is the authentication mechanism required for your sharepoint portal: NTLM ? Kerberos ?

If using core access, you should configure SSO under Web Policies > SSO > General, fill in the relevant data (e.g: constrained delegation or IVE intermediation for Kerberos or e.g: Domain_Name/Variable/<USERNAME>/<PASSWORD> for NTLM) depending on what authentication type you need for sharepoint.

Then configure a new SSO policy for the resource you want (resource: http(s)://your_sharepoint_portal_FQDN)

Please remember the following (from Admin guide):

1. Specify an IVE host name that ends with the same suffix as your protected resource using settings in the System > Network > Overview page of the admin console. (The IVE checks the host names to ensure that it is only enabling SSO to sites within the same Intranet.)


It DOES support Windows integrated authentication (I guess that's what you call single sign on) in both NTLM (since 5.x) AND Kerberos (new since 6.4) but in this case it is not really single sign on. For this to work, the client PC must be already joined to the domain your sharepoint portal is belonging (or have a trustee domain relationship) and the local Windows user must also be a user of the same domain. In this case, Windows integrated authentication will also occur over WSAM. But that is very different story from Web SSO, in this case WSAM is just tunneling the native Windows NTLM/Kerberos authentication steps.

If it doesn't work for you then you should progress the issue through a JTAC case, because I got it to work OK in both scenario (against a Sharepoint 2007 portal).




Re: SSO and Sharepoint

Does your SharePoint support basic auth internally?

I have ours set to use basic auth, and it's been working great (running MOSS 2007). I'm only running 6.4R3 in our test environment, and it seems to be fine. Haven't tried 6.5R1 yet. Could you try a rollback to 6.4 and see if it's possibly an "undocumented" feature of 6.5R1?