Re: Kerberos

I think this KB article will answer your question:
http://support.microsoft.com/?id=258063

Basically, IE uses those security zones to work out whether to send credentials to a server without prompting the user. Additionally, sites that are netbios style names (i.e. http://servername) are by default, in the Intranet zone. Check the KB article for more details.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

"arduk" <arduk@xxxxxxxxxxxxx> wrote in message news:874CD6F9-0684-4464-90B3-D05F04FD8E87@xxxxxxxxxxxxxxxx
I have implemented Single Sign On (SSO) between windows and SAP Enterprise
Portal (EP) - so if a user is logged into windows, they can go to our EP
site, and EP knows who they are, and applies permissions appropriately.

I have pretty much got this working, however I have run into a couple of
things which I can't really explain, and would be interested in hearing why
it might be occurring:

1. If you open a browser, and then type in the address of the portal, the
single sign on works fine
2. If you have a browser window open (on any page) and then click a link (eg
in an email) that takes you to the portal, the SSO works fine
3. If you close all of your browser windows, and then click a link (eg in an
email) that takes you to the portal, then the user is prompted to enter their
username and password (this is a windows style login box). After they have
entered their username and password, they are taken straight into the portal
(ie no portal login box)
4. If you add the portal site address to either "trusted sites" or "local
intranet" (in IE, this is in Tools->Internet Options->, then do point 3
above, you are not prompted to login. (if you go to the portal address, it
comes up as being in the local intranet anyway, so am not sure what this
actually achieves)

Point 3 is the issue that I don't understand - why are you prompted to
login? And what is the difference if you have a browser open or add the site
to "local intranet"?

If anyone could help me out on this it would be greatly appreciated!


.

Relevant Pages

  • Re: Kerberos
    ... Has the user ever visited the SSO page or portal prior to clicking the link etc? ... credentials to a server without prompting the user. ... If you have a browser window open and then click a> link ... > username and password (this is a windows style login box). ...
    (microsoft.public.inetserver.iis.security)
  • Re: Kerberos
    ... credentials to a server without prompting the user. ... If you open a browser, and then type in the address of the portal, the ... If you have a browser window open and then click a link ... username and password (this is a windows style login box). ...
    (microsoft.public.inetserver.iis.security)
  • Re: Kerberos
    ... the browser window is closed ... credentials to a server without prompting the user. ... If you have a browser window open and then click a ... username and password (this is a windows style login box). ...
    (microsoft.public.inetserver.iis.security)
  • not authenticating when redirected from another page
    ... target page, it first checks to see if the user/browser is authenticated. ... the page I wanted after a successful login. ... authenticate, it sends the login page back again. ... even though I'm using the same browser window. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: VPN CMAK Login script issue
    ... The password prompting happens 'cuz the access to the share needs to be ... It does not matter what login you use for your VPN connections. ... if you have a local account with the same name & password as the VPN ... >> Use of all included script samples are subject to the terms specified at ...
    (microsoft.public.isa.vpn)