Enabling Premium SSO

Single Sign On is a technique in which your current Windows domain login to access Solar Archive, bypassing the login page.

In the SSO technique, passwords are not passed, instead your current windows user token is used for validation. A token is computed every time you log in to a Windows domain, and hence it cannot be cached and used again. This technique only works with NTLM or NTLMv2 tokens and it is designed to only work in Microsoft Domains.

Furthermore, to prevent man in the middle attacks, the user token includes a ‘source pc identifier’. To validate SSO, the Windows Domain Controller will check if the source of the validation request (Solar Archive) is the same as the source PC encoded into the token (the user’s PC). In order for this to work, Solar Archive server needs to be registered as a Computer in the Windows Users & Computers list.

Prerequisites to enable premium SSO

  • Create a COMPUTER account in the Active Directory Users and Computers.

  • Then use the script SetComputerPass.vbs to generate a password. To download the script, click the Download Script button in the Premium SSO options page.

Solar Archive will then be able to create an authenticated connection to your Domain Controller, over which secure SSO connections may be passed.

  1. Navigate to Adv. Configuration > SSO - Single Sign On.

  2. Enter / Select the required values in the fields. Refer to the table below for field names and descriptions. (Note: Hover your mouse on the field names for additional information and / or example values.)

  3. Click the Apply button to save the configuration.

  4. To test the SSO connection, click the SSO Connection Test.

  5. After saving this configuration, the web server needs to be restarted to ensure that SSO is being used. To do this, navigate to the Management > Restart > Restart WebServer.

  6. To review logs, click the Show Log button.

Last updated