Configure Help Desk Premier Single Sign On with IIS 7.5

Because of changes in IIS with the release of 7.5 the process to successfully configure single sign-on (SSO) may have changed for you based on your IIS configuration.

This article assumes a working knowledge of IIS and Windows server configuration.

Configure IIS

To configure IIS properly to work with Help Desk Premier’s Single Sign-On, you should follow these steps.

1. Run IIS Manager, and expand the server node, and the sites node to select Help Desk Premier.  Then in the Feature View, select (by double clicking) Authentication:

Select the Help Desk Premier site and double click Authentication.

Select the Help Desk Premier site and double click Authentication.

Note: Make sure in the Connection pane on the left, you have selected the Help Desk Premier site, and not another site or the server itself.

2. Once you have double clicked on Authentication, you should see four authentication methods:

Make sure Authentication Statuses are set as shown for Help Desk Premier.

Make sure Authentication Statuses are set as shown for Help Desk Premier.

You must have the Authentication status set as follows:

Anonymous Authentication = Disabled

ASP.Net Impersonation = Enabled

Forms Authentication = Disabled

Windows Authentication = Enabled

To change the status of an Authentication method, simply right click on it, and select Enable or Disable from the context menu, as appropriate.

If an authentication role, such as Windows Authentication, does not appear for your IIS installation, you can easily add it with the following steps:

WINDOWS SERVER 2008 OR WINDOWS SERVER 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
Add any missing authentication roles to your IIS installation.

Add any missing authentication roles to your IIS installation.

 

d. On the Select Role Services page of the Add Role Services Wizard, select Windows Authentication, and then click Next.

Make sure Windows Authentication is Installed

Make sure Windows Authentication is Installed

 

Once all four Authentication roles are installed and set to the proper status (enabled or disabled), you have successfully configured IIS for SSO with Help Desk Premier.

Check / Update Your web.config File

If you’ve installed build 214 or later, you should not need to follow this step.

Otherwise, your Help Desk Premier configuration file, named “web.config”, may need updated to allow the application to properly operate in a single sign-on environment.

The web.config file is located in the install directory, which is typically C:\inetpub\wwwroot\HelpDeskPremier (this will be the directory, unless you have moved the application or have IIS installed in a different location).

You can edit this file in a variety of applications, although we recommend NotePad++ as it will retain all formatting in the file.

Edit the file and look (search) for </system.web>.  If your web.config file is not ready for SSO, it will look like this:

Web Config File Before Modification

Search for the above line in your web.config file

 

Right above </system.web> simply add a line that reads like this:

<identity impersonate=”true” />

Therefore, once this line has been added, it will appear as:

After first modification, your web.config file should look like this.

After first modification, your web.config file should look like this.

 

The second modification to the web.config file is on the line that reads “authentication mode=”Forms”, as shown here:

Search for "authentication mode" in the web.config file.

Search for “authentication mode” in the web.config file.

Change this line by replacing the word Forms with Windows, and removing the second line that says “<forms loginUrl, etc”.  When done, these two lines should be reduced to one line, that appears like this:

The second change to your web.config file should look like this.

The second change to your web.config file should look like this.

Once this second change is made, you can save your web.config file.  Please note that you may encounter a permissions problem with the directory where Help Desk Premier is installed.  If so, you may need to grant full control of that directory to the logged in user, before you are allowed to save the web.config file.  For example, you might need to give full control to Administrators, as shown here:

Give appropriate folder permissions to update your web.config file.

Give appropriate folder permissions to update your web.config file.

 

Configure Help Desk Premier Properly

Unrelated to IIS, but worth noting, you must also make sure Help Desk Premier itself is configured to allow SSO.  To do this, simply edit your System Settings (which are found under the Administration panel), and click the “AD Integration” checkbox, as well as “AD Single Sign On” and “AD Live Sync” as shown here:

Set your Help Desk Premier System Settings to Allow SSO.

Set your Help Desk Premier System Settings to Allow SSO.

 

This will tell Help Desk Premier to check for AD Integration and bypass the login screen.

Following the above steps in an IIS 7.5 environment should allow you to utilize Help Desk Premier’s SSO feature.  If you encounter any difficulties, please contact us at support@brightboxsolutions.com

 

 

Leave a Comment (0) →