Jump to content

Recommended Posts

Posted

When using the Active Directory Integrated version of Passwordstate, your browser should pass through your domain credentials from the currently logged in user to the web server, and you should not be prompted to enter your username and password. If you are, the following could be possible causes:

Suggestion 1

  • The Passwordstate web site should be detected as being in the 'Local Intranet' security zone.  If it is not, you can add your Passwordstate URL under Control Panel -> Internet Options -> Security Tab -> Local Intranet -> Sites. The option for 'User Authentication' should also be set to 'Automatic logon only in Intranet zone'.

           2023-08-24_8-19-30.png2023-08-24_8-19-06.png

 

  • You can apply the URL to all machine son your network via Group Policy instead:

          2023-08-24_8-11-31.png

 

  • If you need to quickly check that the URL is in your Local Intranet zone, run the following Powershell code: $(get-item "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey").property
  • If you find that you have created a Group Policy with your site, the group policy is successfully applying to your machine, but you are still getting a browser based prompt, this could be related to this fix: https://serverfault.com/questions/788463/why-is-sitetozoneassignment-gpo-applying-but-sites-not-appearing-in-ie
  • If using Firefox, it does this by design. To fix this, please try the following:
    • Open Firefox, and type about:config in the URL bar
    • Search for network:automatic
    • Double click network.automatic-ntlm-auth.trusted-uris and enter your full Passwordstate URL.  (Screenshot below for reference)
    • Restart your browse and Single Sign on should now work

 

2018-03-16_11-06-10.png

 

Suggestion 2

Ensure that the DNS entry you have created for your Passwordstate URL is a CNAME DNS entry, and not a A record.

 

Suggestion 3
Something else which has affected a few customers in the past is the order of authentication 'providers' in IIS for the Windows Authentication. By changing the following setting, helped prevent the web site prompting for authentication:

 

  • Open IIS and select the Passwordstate web site
  • Open the "Authentication" property under the "IIS" header
  • Click the "Windows Authentication" item and click "Providers"
  • Try moving NTLM to the top, then restart IIS, or reboot the server

 

Suggestion 4
Using host files for name resolution does not work with using Windows Authentication in IIS. You need to use DNS for name resolution.

 

Suggestion 5
You need to be logged on with a domain account, not a local account on a desktop or server. If accessing Passwordstate from a Mac or Linux machine, you cannot prevent this prompt as Single Sign on will not work.  Possibly you could consider enabling Anonymous Authentication on your Passwordstate website, which means users need to enter their username and password to access the system.

 

Suggestion 6
Believe it or not, sometimes a reboot of the web server after upgrades has helped quite a number of customers.

 

Suggestion 7

If you do not have a CName DNS record already for your Passwordstate URL, please create one and that should help.  An example of a CNAME DNS record can be found in this forum post: https://forums.clickstudios.com.au/topic/1465-changing-the-passwordstate-url/

 


Regards

Click Studios

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...