The Integration for Single Sign-On installation wizard must be run on both the Web Server and Application Server before configuring an Authentication Server model.
These steps are also used to configure the OnBase Patient Window and DeficiencyPop for the Integration for Single Sign-On. Configure these applications using the same steps used to configure the OnBase Web Server.
- Launch the Single Sign On Config utility (SingleSignOnConfig.exe).
  Note: If Windows UAC is enabled, the executable must be run as an administrator.
  The Single Sign On Config dialog is displayed.
- Enter the path to the Virtual Directory of the OnBase Web Server. In a default installation, the virtual directory is at C:\inetpub\wwwroot\AppNet
  If you are configuring the Integration for Single Sign-On for a different Web application, such as the OnBase Patient Window, use the virtual directory for the applicable Web application.
- Select Web Server in the Type section. The Authenticator drop-down list is displayed.
  Note: Do not select App Server at this time.
- Select Uses App Server. The Web Server Config options are enabled.
- From the Authenticator drop-down list, select the authentication scheme that is used in your organization. Integration for Single Sign-On must use one of the available authentication methods.
  The following items should be noted about some of the authenticators:
  - The SAML authenticator requires the information in the SAML SSO Properties dialog box to be completed. See SAML SSO Configuration for more information before closing the Single Sign On Config utility.
  - The CAS authenticator requires the information in the CAS Namespace dialog box to be completed. See CAS SSO Configuration for more information before closing the Single Sign On Config utility.
  - The PeopleSoft Enterprise authenticator requires additional configuration. See Single Sign-On for PeopleSoft Enterprise.
  - The OnBase Entrust authenticator requires additional configuration. In order to function correctly, this authentication method must be partly configured using a separate utility. See Enabling OnBase Entrust.
  - The CUSTOM... authenticator requires Integration for Single Sign-On to be deployed in a way consistent with the custom authentication solution. See Using Custom Authenticators before continuing with the configuration.
- Enter or select an ASP.NET Identity.
  This is the ASP.NET user that the authentication server impersonates and that the service runs under. If the application is not impersonating, specify ASPNET as the user.
  Note: You must specify a domain account to use as the ASP.NET Identity.
  CAUTION: It is highly recommended that the consuming application run under its own identity. By doing so, the private key is protected and other ASP.NET applications on the server are not able to use the same private key to send unauthorized messages to the web service.
- Click Configure. A public key is generated and displayed in the Public Key Token field.
- Copy the Public Key Token to the Windows clipboard by right-clicking the Public Key Token value and selecting Copy. This value is required to complete the App Server configuration.
  Tip: If the OnBase Application Server that is used as the authentication server is a different machine from the Web Server, you must copy this value to a text file accessible from the Application Server.
- Continue to the App Server configuration steps. See App Server Configuration.
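
The CAUTION in the ASP.NET Identity step can be checked on the Web Server once the utility has run. The following PowerShell is an added example, not part of the OnBase documentation: it reports every IIS site and application that runs under the same account as the Single Sign-On application. It assumes the ASP.NET Identity is the account an IIS application pool runs as, and the account name shown is a placeholder.

```powershell
# Added example, not from the OnBase documentation. Run in an elevated session on the Web Server.
# Assumption: the ASP.NET Identity is the account an IIS application pool runs as.
Import-Module WebAdministration

# Hypothetical placeholder: replace with the domain account entered as the ASP.NET Identity.
$ssoIdentity = 'EXAMPLE\svc-onbase-sso'

# Resolve the account each application pool runs as.
$pools = Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm = $_.processModel
    $account = if ($pm.identityType -eq 'SpecificUser') { $pm.userName } else { [string]$pm.identityType }
    [pscustomobject]@{ Pool = $_.Name; Account = $account }
}

# List every site root and application together with the pool that hosts it.
$hosted = @(Get-Website | ForEach-Object {
        [pscustomobject]@{ App = $_.Name + '/'; Pool = $_.applicationPool } })
$hosted += @(Get-WebApplication | ForEach-Object {
        [pscustomobject]@{ App = $_.path; Pool = $_.applicationPool } })

# Pools running as the SSO identity, and everything those pools host.
$ssoPools = @($pools | Where-Object { $_.Account -ieq $ssoIdentity })
$ssoApps  = @($hosted | Where-Object { $ssoPools.Pool -contains $_.Pool })

if ($ssoPools.Count -eq 0) {
    # Either the account name is wrong or the application runs under a built-in identity.
    Write-Warning "No application pool runs as $ssoIdentity."
}
elseif ($ssoPools.Count -gt 1 -or $ssoApps.Count -gt 1) {
    # More than one pool or application shares the account that protects the private key.
    Write-Warning "$ssoIdentity is shared; these applications run under the same account:"
    $ssoApps | Sort-Object Pool, App | Format-Table -AutoSize
}
else {
    Write-Output "$ssoIdentity is used only by $($ssoApps.App) in pool $($ssoPools.Pool)."
}
```

A warning from the second branch means another application on the server runs under the account that protects the private key, which is the situation the CAUTION advises against.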