Setup IIS for Windows Authentication LDAP


How does IIS request information from LDAP?

When a user logs in to an SSO (Single Sign-On) application, IIS sends a request to LDAP (Lightweight Directory Access Protocol) to retrieve the user information needed for authentication. Windows IIS Manager does not show any connection between IIS and LDAP.

Configuration Support and Free Trial

If you want support in configuring the plugin, or in integrating IIS for Windows Authentication LDAP with Joomla, click the Free Configuration Setup button.

We provide a 7-day full-feature trial in which you can test all the features of the plugin. To start it, click the Free Business Trial button.


Steps to Integrate IIS for Windows Authentication LDAP for Single Sign-On (SSO)

Configure IIS for Windows Authentication LDAP into Joomla

  • Open Command prompt in Administrator mode.
  • Execute the following command to add a Service Principal Name (SPN) for the account:
    • setspn -a HTTP/## Server FQDN ## ## Domain Service Account ##
      Example: C:\Users\Administrator> setspn -A HTTP/mini.example.com gpadmin
      Note: "mini.example.com" here is the FQDN. Make sure it is resolvable on the Windows server running the AD service.
  • Open Active Directory Users and Computers.
  • Search for the service account which was used to create the Service Principal Name (SPN).
  • Navigate to the Delegation tab.
  • Select Trust this user for delegation to any service (Kerberos only).
  • Click Apply.
  • Open up IIS Manager.
  • Select the site which you want to apply Windows Authentication to.
  • Select the Application Pool for that website. Right click on it and select Advanced Settings.
  • Use Custom Account and set the account as the service account for which delegation was enabled. You would need to enter the password of the service account as well.
  • Navigate to the Authentication section for the website.
  • Enable Windows Authentication and disable Anonymous Authentication. (Both cannot work simultaneously.)
  • Go to the Configuration Editor.
    • Search for: system.webServer/security/authentication/windowsAuthentication
  • Set useKernelMode to False and useAppPoolCredentials to True in the Configuration Editor.
  • Click Apply.
  • Restart IIS server.
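
A read-only check of the settings made in the steps above, as an added PowerShell example that is not part of the original page or the plugin's own tooling. The site name is a placeholder; the FQDN and account are the page's example values. It assumes a domain-joined IIS server with the WebAdministration module available.

```powershell
# Added read-only check; run in an elevated PowerShell on the IIS server.
# Assumptions: domain-joined host, WebAdministration module available.
Import-Module WebAdministration

$Site    = 'Default Web Site'   # placeholder: the site you configured
$Fqdn    = 'mini.example.com'   # example FQDN from the setspn step
$Account = 'gpadmin'            # example service account (sAMAccountName)
$Spn     = "HTTP/$Fqdn"
$results = [ordered]@{}

# 1. The SPN exists and belongs to the service account only (no duplicates).
$owners = @(([adsisearcher]"(servicePrincipalName=$Spn)").FindAll() |
    ForEach-Object { [string]$_.Properties['samaccountname'][0] })
$results['SPN registered to service account only'] =
    ($owners.Count -eq 1) -and ($owners[0] -eq $Account)

# 2. Delegation tab setting (userAccountControl bit TRUSTED_FOR_DELEGATION, 0x80000).
$user = ([adsisearcher]"(sAMAccountName=$Account)").FindOne()
if (-not $user) { throw "Account '$Account' not found in the directory." }
$uac  = [int]$user.Properties['useraccountcontrol'][0]
$results['Account trusted for delegation'] = [bool]($uac -band 0x80000)

# 3. The site's application pool runs as the custom (service) account.
$pool = (Get-Item "IIS:\Sites\$Site").applicationPool
$pm   = (Get-Item "IIS:\AppPools\$pool").processModel
$results['App pool runs as service account'] =
    ($pm.identityType -eq 'SpecificUser') -and ($pm.userName -like "*$Account*")

# 4. Authentication settings from the Authentication pane and Configuration Editor.
function Get-AuthSetting([string]$Section, [string]$Name) {
    (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $Site `
        -Filter "system.webServer/security/authentication/$Section" -Name $Name).Value
}
$results['Windows Authentication enabled']    = Get-AuthSetting windowsAuthentication enabled
$results['Anonymous Authentication disabled'] = -not (Get-AuthSetting anonymousAuthentication enabled)
$results['useKernelMode is False']            = -not (Get-AuthSetting windowsAuthentication useKernelMode)
$results['useAppPoolCredentials is True']     = Get-AuthSetting windowsAuthentication useAppPoolCredentials

# Print one line per check; anything marked CHECK differs from the steps above.
$results.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
```

Check 2 reports the "any service" option selected in the Delegation tab, which is unconstrained Kerberos delegation, so the account belongs on any inventory of delegation-enabled accounts you review.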

If you don't find what you are looking for, please contact us at joomlasupport@xecurify.com or call us at +1 978 658 9387.
