Single-Sign-On for AskiaVista with Active Directory
This article describes how to set up Active Directory-based single sign-on for AskiaVista.
Definition
What is Single Sign-On? And what is Active Directory?
Basically, setting up this Active Directory-based SSO will allow your internal users (those who are registered on your Windows domain via Active Directory) to be automatically signed in to AskiaVista. This avoids having to sign in each time they connect to your AskiaVista setup.
Setup
In IIS, disable "Anonymous Authentication" and enable "Windows Authentication" so that AskiaVista can retrieve the user's SAMAccountName.
You then need to update the SAMAccountName field located in the AV_Users table of the AskiaVista SQL DB with all relevant user SAMAccountName values. This can be done either directly on the appropriate field in the AV_Users table or via the corresponding field in the User management of the AskiaVista Administration.
AskiaVista performs a search in LDAP to make sure the account exists. To perform a search in Active Directory, the LDAP properties (Path and AuthenticationType) must be added to the AskiaVista configuration:
Method 1: AskiaVista Configurator
Open AskiaVistaConfigurator.exe (located in the ./AskiaCtrl folder) and browse to the Active Directory tab. Specify the LDAP path in the Directory Entry Path field and the Authentication type in the relevant dropdown menu.
Method 2: Askia.config file
The Askia.config file is located in the ./AskiaCtrl/ folder:
Below are some examples of LDAP paths:
Path = "LDAP://DC=<domain name>"
Path = "LDAP://CN=<group name>, CN=<Users>, DC=<domain component>"
Path = "LDAP://CN=<full user name>, CN=<Users>, DC=<domain component>"
Path = "LDAP://CN=<computer name>, CN=<Computers>, DC=<domain component>"
Path = "LDAP://CN=<user name>,OU=<Organizational Unit>,DC=<domain component>"
Path = "LDAP://AD_SERVER/CN=<user name>,OU=<Organizational Unit>,DC=<domain component>"
For more information on these paths and authentication types, see the MSDN wiki.
Once the account is validated in LDAP, AskiaVista searches the AskiaVista DB to check whether the SAMAccountName exists (using the SAMAccountName field in the AV_Users table). If the user exists, he/she will be automatically connected to AskiaVista.
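The two-stage check described above (LDAP search, then AV_Users lookup), sketched as an added example that is not AskiaVista's own code. The function names, the search filter, the fake directory and the in-memory SQLite database are assumptions made for illustration; only AV_Users and SAMAccountName come from this article.

```python
import sqlite3

# RFC 4515: characters that must be escaped inside an LDAP filter value.
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def sam_from_identity(identity):
    """Reduce the IIS-supplied identity (DOMAIN\\user) to a SAMAccountName."""
    if not identity:
        return None  # empty identity: Anonymous Authentication is likely still enabled
    name = identity.rsplit("\\", 1)[-1].strip()
    return name or None

def ldap_filter_for(sam):
    """Build the account-exists filter, escaping the value so it cannot alter the filter."""
    escaped = "".join(LDAP_ESCAPES.get(ch, ch) for ch in sam)
    return f"(&(objectCategory=person)(objectClass=user)(sAMAccountName={escaped}))"

def find_av_user(db, sam):
    """Parameterized lookup in AV_Users; AD treats sAMAccountName case-insensitively."""
    row = db.execute(
        "SELECT SAMAccountName FROM AV_Users WHERE SAMAccountName = ? COLLATE NOCASE",
        (sam,)).fetchone()
    return row[0] if row else None

def sso_login(identity, ldap_exists, db):
    """Return the AV_Users account to sign in, or None if either check fails."""
    sam = sam_from_identity(identity)
    if sam is None or not ldap_exists(ldap_filter_for(sam)):
        return None
    return find_av_user(db, sam)

# --- constructed stand-ins so the example runs offline ---
def fake_directory(accounts):
    """Hypothetical replacement for the LDAP search: matches filters for known accounts."""
    known = {ldap_filter_for(a).lower() for a in accounts}
    return lambda flt: flt.lower() in known

def demo_db():
    """In-memory SQLite stand-in for the AskiaVista SQL DB (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE AV_Users (SAMAccountName TEXT)")
    db.executemany("INSERT INTO AV_Users VALUES (?)", [("jdoe",), ("asmith",)])
    return db

if __name__ == "__main__":
    ad = fake_directory(["jdoe", "bob"])
    for who in ("CORP\\JDoe", "CORP\\bob", "CORP\\asmith", ""):
        print(repr(who), "->", sso_login(who, ad, demo_db()))
```

An account that exists in only one of the two stores is not signed in, and an empty identity points to Anonymous Authentication still being enabled in IIS.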