Configure Help Desk Premier Single Sign On with IIS 7.5
Because of changes in IIS with the release of 7.5 the process to successfully configure single sign-on (SSO) may have changed for you based on your IIS configuration.
This article assumes a working knowledge of IIS and Windows server configuration.
To configure IIS properly to work with Help Desk Premier’s Single Sign-On, you should follow these steps.
1. Run IIS Manager, and expand the server node, and the sites node to select Help Desk Premier. Then in the Feature View, select (by double clicking) Authentication:
Note: Make sure in the Connection pane on the left, you have selected the Help Desk Premier site, and not another site or the server itself.
2. Once you have double clicked on Authentication, you should see four authentication methods:
You must have the Authentication status set as follows:
Anonymous Authentication = Disabled
ASP.Net Impersonation = Enabled
Forms Authentication = Disabled
Windows Authentication = Enabled
To change the status of an Authentication method, simply right click on it, and select Enable or Disable from the context menu, as appropriate.
If an authentication role, such as Windows Authentication, does not appear for your IIS installation, you can easily add it with the following steps:
WINDOWS SERVER 2008 OR WINDOWS SERVER 2008 R2
- On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
- In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
- In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
d. On the Select Role Services page of the Add Role Services Wizard, select Windows Authentication, and then click Next.
Once all four Authentication roles are installed and set to the proper status (enabled or disabled), you have successfully configured IIS for SSO with Help Desk Premier.
Check / Update Your web.config File
If you’ve installed build 214 or later, you should not need to follow this step.
Otherwise, your Help Desk Premier configuration file, named “web.config”, may need updated to allow the application to properly operate in a single sign-on environment.
The web.config file is located in the install directory, which is typically C:\inetpub\wwwroot\HelpDeskPremier (this will be the directory, unless you have moved the application or have IIS installed in a different location).
You can edit this file in a variety of applications, although we recommend NotePad++ as it will retain all formatting in the file.
Edit the file and look (search) for </system.web>. If your web.config file is not ready for SSO, it will look like this:
Right above </system.web> simply add a line that reads like this:
<identity impersonate=”true” />
Therefore, once this line has been added, it will appear as:
The second modification to the web.config file is on the line that reads “authentication mode=”Forms”, as shown here:
Change this line by replacing the word Forms with Windows, and removing the second line that says “<forms loginUrl, etc”. When done, these two lines should be reduced to one line, that appears like this:
Once this second change is made, you can save your web.config file. Please note that you may encounter a permissions problem with the directory where Help Desk Premier is installed. If so, you may need to grant full control of that directory to the logged in user, before you are allowed to save the web.config file. For example, you might need to give full control to Administrators, as shown here:
Configure Help Desk Premier Properly
Unrelated to IIS, but worth noting, you must also make sure Help Desk Premier itself is configured to allow SSO. To do this, simply edit your System Settings (which are found under the Administration panel), and click the “AD Integration” checkbox, as well as “AD Single Sign On” and “AD Live Sync” as shown here:
This will tell Help Desk Premier to check for AD Integration and bypass the login screen.
Following the above steps in an IIS 7.5 environment should allow you to utilize Help Desk Premier’s SSO feature. If you encounter any difficulties, please contact us at firstname.lastname@example.org