support
Posted August 19, 2014

When using the Active Directory Integrated version of Passwordstate, your browser should pass through the domain credentials of the currently logged-in user to the web server, and you should not be prompted to enter your username and password. If you are, the following are possible causes:

Suggestion 1

The Passwordstate web site should be detected as being in the 'Local Intranet' security zone. If it is not, you can add your Passwordstate URL under Control Panel -> Internet Options -> Security Tab -> Local Intranet -> Sites. The option for 'User Authentication' should also be set to 'Automatic logon only in Intranet zone'.

You can apply the URL to all machines on your network via Group Policy instead.

If you need to quickly check that the URL is in your Local Intranet zone, run the following PowerShell code:

    $(get-item "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey").property

If you have created a Group Policy with your site and the group policy is successfully applying to your machine, but you are still getting a browser-based prompt, this could be related to this fix: https://serverfault.com/questions/788463/why-is-sitetozoneassignment-gpo-applying-but-sites-not-appearing-in-ie

If using Firefox, it does this by design. To fix this, please try the following:

1. Open Firefox, and type about:config in the URL bar
2. Search for network.automatic
3. Double click network.automatic-ntlm-auth.trusted-uris and enter your full Passwordstate URL
4. Restart your browser and Single Sign-On should now work

Suggestion 2

Ensure that the DNS entry you have created for your Passwordstate URL is a CNAME DNS entry, and not an A record.

Suggestion 3

Something else which has affected a few customers in the past is the order of authentication 'providers' in IIS for Windows Authentication.
Changing the following setting has helped prevent the web site prompting for authentication:

1. Open IIS and select the Passwordstate web site
2. Open the "Authentication" property under the "IIS" header
3. Click the "Windows Authentication" item and click "Providers"
4. Try moving NTLM to the top, then restart IIS, or reboot the server

Suggestion 4

Using host files for name resolution does not work with Windows Authentication in IIS. You need to use DNS for name resolution.

Suggestion 5

You need to be logged on with a domain account, not a local account on a desktop or server. If accessing Passwordstate from a Mac or Linux machine, you cannot prevent this prompt as Single Sign-On will not work. Possibly you could consider enabling Anonymous Authentication on your Passwordstate website, which means users need to enter their username and password to access the system.

Suggestion 6

Believe it or not, sometimes a reboot of the web server after upgrades has helped quite a number of customers.

Suggestion 7

If you do not already have a CNAME DNS record for your Passwordstate URL, please create one and that should help. An example of a CNAME DNS record can be found in this forum post: https://forums.clickstudios.com.au/topic/1465-changing-the-passwordstate-url/

Regards
Click Studios
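The client-side checks from Suggestions 1, 2, 4, 5 and 7 gathered into one PowerShell script, as an added example that is not part of the original post and is not Click Studios code. The URL is a placeholder; the 1A00 value, its data meanings and the hosts file path are standard Windows details assumed here rather than taken from the post.

```powershell
# Added diagnostic example; not Click Studios code. The URL is a placeholder.
param([string]$Url = 'https://passwordstate.example.com')

$hostName = ([uri]$Url).Host
$ie = 'Microsoft\Windows\CurrentVersion\Internet Settings'

# Suggestion 1: Site to Zone Assignment policy entries that cover this host.
# Value name = site pattern, value data = zone number (1 = Local Intranet).
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key = Get-Item "$hive\SOFTWARE\Policies\$ie\ZoneMapKey" -ErrorAction SilentlyContinue
    if (-not $key) { "$hive no ZoneMapKey policy"; continue }
    foreach ($name in $key.Property) {
        $pattern = $name -replace '^[a-z*]+://', ''   # strip the scheme
        if ($hostName -like $pattern) {
            "$hive '$name' -> zone $($key.GetValue($name))"
        }
    }
}

# Suggestion 1: logon mode of the Local Intranet zone (value 1A00).
# A policy copy of the zone key, when present, overrides the user setting.
$modes = @{ 0       = 'Automatic logon with current user name and password'
            0x10000 = 'Prompt for user name and password'
            0x20000 = 'Automatic logon only in Intranet zone'
            0x30000 = 'Anonymous logon' }
foreach ($root in 'HKCU:\SOFTWARE\Policies', 'HKCU:\SOFTWARE') {
    $v = (Get-ItemProperty "$root\$ie\Zones\1" -ErrorAction SilentlyContinue).'1A00'
    if ($null -ne $v) { "$root 1A00 = $($modes[[int]$v])" }
}

# Suggestions 2 and 7: the name should resolve through a CNAME record.
$cname = Resolve-DnsName -Name $hostName -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'CNAME' }
if ($cname) { "CNAME -> $($cname.NameHost)" } else { 'No CNAME record returned' }

# Suggestion 4: a hosts file entry means DNS is being bypassed for this name.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hit = Select-String -Path $hosts -Pattern "^\s*[^#\s]+\s+[^#]*\b$([regex]::Escape($hostName))\b"
if ($hit) { "hosts file entry: $($hit.Line)" } else { 'No hosts file entry' }

# Suggestion 5: a local account reports the computer name as its domain.
if ($env:USERDOMAIN -eq $env:COMPUTERNAME) { 'Logged on with a local account' }
else { "Logged on with domain account $env:USERDOMAIN\$env:USERNAME" }
```

Run it as the affected user on the affected workstation, since the HKCU checks read that user's registry hive.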