Configuring the Application Server - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Standard
Essential
Premier

The OnBase Application Server can be optimized for non-interactive Active Directory authentication using the Optimize for Windows Authentication tool in the Web Application Management Console.

Note:

Before configuring any OnBase web applications, ensure that the identity running the application pool for the module is registered as the SPN. See Registering a Service Principal Name (SPN) and Configuring Delegation in Microsoft Windows.

To use the Optimize for Windows Authentication tool and configure the Application Server:

  1. Launch the Web Application Management Console.
    Tip:

    For complete details on installing and using the Web Application Management Console, see the Web Application Management Console module reference guide.

  2. Click Open Web Application in the upper left of the window.
  3. Select the Application Server from the Select the web application to configure list.
  4. Select Tools | Optimize for Windows Authentication.
  5. Click Yes in the confirmation dialog that is displayed.
  6. Save the configuration and close the Web Application Management Console.
  7. In Microsoft Windows, launch the Internet Information Services (IIS) Manager with elevated administrator privileges.
    Note:

    IIS is a Microsoft product. Complete details on using IIS and the IIS Manager can be found in the documentation available from Microsoft.

  8. In the Sites area, configure the following settings for the web application of the OnBase Application Server.

    Setting

    Configuration

    IIS | Authentication | Anonymous Authentication

    Set to Enabled.

    IIS | Authentication | ASP.NET Impersonation

    Set to Disabled.

    IIS | Authentication | Windows Authentication

    Set to Disabled.

    Note:

    Additionally, Negotiate must be at the top of the list of providers. To access the providers list, right click Windows Authentication and select Providers.

  9. If the OnBase Application Server is hosted on a different server from the other OnBase web applications, you must also complete the following configuration:
    1. Under Management, launch the Configuration Editor for the web application of the OnBase module.
    2. From the Section drop-down list, navigate to the system.webServer/security/authentication/windowsAuthentication path.
    3. Set the value of useAppPoolCredentials to False.
  10. Under the Default Web Site, expand the pages under the OnBase Application Server and select the AuthService.asmx page.
  11. Configure the following settings for the AuthService.asmx page.

    Setting

    Configuration

    IIS | Authentication | Anonymous Authentication

    Set to Disabled.

    IIS | Authentication | ASP.NET Impersonation

    Set to Disabled.

    IIS | Authentication | Windows Authentication

    Set to Enabled.

    Note:

    Additionally, Negotiate must be at the top of the list of providers. To access the providers list, right click Windows Authentication and select Providers.

  12. In the Application Pools area, configure the following setting for the application pool of the OnBase Application Server.

    Setting

    Configuration

    Process Model | Identity

    The domain account you registered the SPN to (see Registering a Service Principal Name (SPN) and Configuring Delegation in Microsoft Windows).

  13. Recycle the application pool of the OnBase Application Server for the changes to take effect.
    Tip:

    To configure the OnBase web applications that use the Application Server, see Configuring Web Applications.