2960 Views 11 Replies Latest reply: Dec 27, 2011 4:55 AM by dodiy RSS
dodiy Apprentice 67 posts since
Jun 7, 2010


Dec 15, 2011 7:50 PM

Single Sign On and LDAP Integration

I'm using Service Desk 7.4. I would like to ask whether anyone has done an integration that uses both Single Sign On and LDAP Integration.

What I want to achieve is that when users/analysts log in to Windows through the domain and open LANDesk Service Desk, either the client console or web access, it uses Integrated Login (Single Sign On) without them keying in the username and password.

But if the users/analysts want to work at home or outside the company network, they can reach web access using LDAP integration, which requires them to key in the username and password.

 

Can anyone give feedback whether this is possible or not?

 

Regards,

Dodi

  • paul.enkelaar Expert 209 posts since
    Sep 5, 2010

    1. Dec 15, 2011 9:04 PM (in response to dodiy)
    Re: Single Sign On and LDAP Integration

    Hi Dodi

     

    We have three separate web access virtual directories, so that I can choose to logon using single sign-on (so that users go straight in without typing their username and password in), another that they do get prompted to type in the AD username and password, and a third which logs on using their LANDesk credentials.

     

    The only site advertised is the main single sign-on one.  The second could be used (as you say), when wanting people to connect from outside your organisation.  The third we only use from a support side of things, so that we can login as other users simply for trouble-shooting purposes.

     

    This doc (http://community.landesk.com/support/docs/DOC-11425) talks you through setting up single sign-on with integrated logon, and then you can simply create another virtual directory with explicit logon.

     

    Hopefully that helps.


    Cheers

     

    Paul

  • paul.enkelaar Expert 209 posts since
    Sep 5, 2010

    3. Dec 15, 2011 9:20 PM (in response to dodiy)
    Re: Single Sign On and LDAP Integration

    My file structure on the app server looks like:

  • paul.enkelaar Expert 209 posts since
    Sep 5, 2010

    5. Dec 15, 2011 10:16 PM (in response to dodiy)
    Re: Single Sign On and LDAP Integration

    Hi Dodi

     

    This directory structure is replicated in the inetpub\wwwroot folder.  In my instance, WebAccess is my automatic logon, WebAccessLDAP is manual AD logon, and WebAccessLogin is the LANDesk username.

     

    Sorry, my previous post mentioned it was app server.  I meant to say Web Server.

     

    Cheers

     

    Paul

  • KarenPeacock Employee 1,131 posts since
    Jul 29, 2008

    7. Dec 16, 2011 12:21 AM (in response to dodiy)
    Re: Single Sign On and LDAP Integration

    Hi

     

    This document may be of interest:

     

    http://community.landesk.com/support/docs/DOC-23342

     

    Best wishes

    Karen

  • Stu McNeill SupportEmployee 1,072 posts since
    Nov 11, 2008

    9. Dec 19, 2011 9:48 AM (in response to dodiy)
    Re: Single Sign On and LDAP Integration

    Hi Dodi,

     

    The SA account will always bypass the LDAP authentication and use regular explicit login.  You can enable more descriptive error messages for the LDAP authentication if the <ShowExceptions> setting in your LDAP auth configuration file is set to true so you can see what the actual issue is.

  • Expert 233 posts since
    Jan 27, 2009

    10. Dec 19, 2011 3:48 PM (in response to dodiy)
    Re: Single Sign On and LDAP Integration

    Hi Dodi,

     

    Looking at your scenarios-

    dodiy wrote:

     

    The scenarios can be like these:

    1. Employee accesses Service Desk within the company network, which is joined to the domain (this will use Single Sign On).

    2. Employee accesses Service Desk at home/outside (this will use LDAP integration).

    3. Normal user accesses Service Desk from outside (uses LANDesk credentials).

    4. Normal user accesses Service Desk within the company network (uses LANDesk credentials).

     

     

    We had a customer with an almost identical request: they wanted integrated (single sign-on) access internally, externally they wanted LDAP authentication, AND they only wanted one web address for WebAccess. Initially we thought this wouldn't be doable; however, their server team came up with a great solution: if you enable Basic Authentication and Windows Authentication for the WebAccess application in IIS then internally it performs integrated login but externally it will prompt them to login using their LDAP credentials. You set a default Domain in the Basic Auth configuration in IIS and it works like a charm.

     

    If you combine this with Karen's article on setting up a failover to go to explicit if integrated fails then you should be able to meet all of your scenario requirements without needing to configure LDAP.

     

    Note: You should use HTTPS browsing for WebAccess when running this configuration, otherwise Basic Auth sends usernames and passwords unencrypted, but HTTPS will cover this.

     

    Cheers,

    Hadyn
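
The IIS arrangement described in the last reply (Windows and Basic Authentication on one WebAccess application, a default logon domain, HTTPS required) can be checked from the server's configuration file. This is an added example, not part of the original thread or of LANDesk's documentation: the excerpt is a constructed applicationHost.config fragment, and the site names, the CORP domain and the `audit` function are assumptions. It only reads settings written explicitly in each `<location>` block and does not resolve values inherited from parent levels.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config excerpt: the first location matches the
# setup described in the thread, the second has Basic auth without HTTPS.
SAMPLE = """<configuration>
  <location path="Default Web Site/WebAccess">
    <system.webServer><security>
      <access sslFlags="Ssl" />
      <authentication>
        <windowsAuthentication enabled="true" />
        <basicAuthentication enabled="true" defaultLogonDomain="CORP" />
      </authentication>
    </security></system.webServer>
  </location>
  <location path="Default Web Site/WebAccessTest">
    <system.webServer><security>
      <authentication>
        <windowsAuthentication enabled="true" />
        <basicAuthentication enabled="true" />
      </authentication>
    </security></system.webServer>
  </location>
</configuration>"""


def audit(config_xml):
    """Return {location path: [findings]} for locations with Basic auth on."""
    report = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        sec = loc.find("system.webServer/security")
        if sec is None:
            continue
        basic = sec.find("authentication/basicAuthentication")
        if basic is None or basic.get("enabled", "false").lower() != "true":
            continue  # Basic auth is not explicitly enabled for this location
        findings = []
        access = sec.find("access")
        flags = access.get("sslFlags", "None") if access is not None else "None"
        # sslFlags is a comma-separated list; "Ssl" makes IIS refuse plain HTTP.
        if "Ssl" not in [f.strip() for f in flags.split(",")]:
            findings.append("sslFlags lacks Ssl: Basic credentials can cross plain HTTP")
        if not basic.get("defaultLogonDomain"):
            findings.append("no defaultLogonDomain: users must type DOMAIN\\user")
        report[loc.get("path")] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, "->", findings or "OK")
```
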
