Knowledge Base3335mixed authentication | Windows authentication and Intrexx authentication (and/or Ldap authentication).
Instructions for mixed authentication in connection with IIS as reverse proxy and Intrexx as of version 19.03 for the simultaneous use of Integrated Authentication (SSO / Windows authentication) and Intrexx authentication (and/or LDAP authentication).
The following scenario describes a portal that can be used internally via Windows authentication and externally via a second page in IIS with Intrexx authentication. Classic scenario of a portal that is to be available both on the LAN (IIS page 1) and on the Internet (IIS page 2).
Please note that in this scenario either:
a. two different URLs (base URL) must be worked with, in which case, however, Intrexx cannot be used to its full extent. Functions that function on the basis of the URL are limited in this case, since the portal is thus called with two URLs; possible problems form, for example, links that point to the Intrexx portal.
b. an upstream reverse proxy must be used, which can distinguish between the networks and process the calls on the same URL, but can route them to different IP addresses to the frontend web server (IIS).
This is necessary because a separation of the calls must take place in the IIS. This is done either by host binding (variant a) or by IP assignment (variant b). Only in this way can the IIS authenticate users with the Integrated Authentication (SSO / Windows Authentication) via page 1 and the Anonymous Authentication (Intrexx Auth, LDAP Auth.) via page 2.
In addition, it should be noted that the necessary DNS entries as well as the possibly used IP address bindings are functional and can be used.You can test the DNS entries by creating a page in the IIS and storing the default page of the IIS as a directory (C:\inetpub\wwwroot). Make sure that only one of the pages in the IIS is active during this test, as this is the only way to ensure that the correct page (page1 / page2) receives the call.
The starting point is a functioning portal with the IIS as the frontend web server and an Intrexx authentication.
The following scenario describes a portal that can be used internally via Windows authentication and externally via a second page in IIS with Intrexx authentication. Classic scenario of a portal that is to be available both on the LAN (IIS page 1) and on the Internet (IIS page 2).
Please note that in this scenario either:
a. two different URLs (base URL) must be worked with, in which case, however, Intrexx cannot be used to its full extent. Functions that function on the basis of the URL are limited in this case, since the portal is thus called with two URLs; possible problems form, for example, links that point to the Intrexx portal.
b. an upstream reverse proxy must be used, which can distinguish between the networks and process the calls on the same URL, but can route them to different IP addresses to the frontend web server (IIS).
This is necessary because a separation of the calls must take place in the IIS. This is done either by host binding (variant a) or by IP assignment (variant b). Only in this way can the IIS authenticate users with the Integrated Authentication (SSO / Windows Authentication) via page 1 and the Anonymous Authentication (Intrexx Auth, LDAP Auth.) via page 2.
In addition, it should be noted that the necessary DNS entries as well as the possibly used IP address bindings are functional and can be used.You can test the DNS entries by creating a page in the IIS and storing the default page of the IIS as a directory (C:\inetpub\wwwroot). Make sure that only one of the pages in the IIS is active during this test, as this is the only way to ensure that the correct page (page1 / page2) receives the call.
The starting point is a functioning portal with the IIS as the frontend web server and an Intrexx authentication.
1. create a second htmlroot folder under <portal>/external (e.g. htmlrootIntrexxAuth), do not copy and rename the existing one!
Copy the /bin subfolder from the existing htmlroot folder to the new htmlrootIntrexxAuth folder. 3.
Copy the web.config from the attachment into the new htmlrootIntrexxAuth folder.
4. create a new (second) standalone site in the IIS Manager with the appropriate binding (hostname / IP address) and specify the new htmlrootIntrexxAuth folder as the target directory (this is the page for the Intrexx authentication).
5. now activate "Authentication through IIS / Windows domain" in the Portal Manager under Users -> Configuration. This will automatically activate the additional option "Integrated Windows authentication".
6. in the LucyAuth.cfg under <portal>/internal/cfg/, change the entry, with a UTF8-capable editor (Notepad++), for IntegratedAuth as follows ***For alternative authentication combinations, please refer to the auth.txt in the attachment:
IntegratedAuth
{
en.uplanet.lucy.server.auth.module.integrated.IntegratedLoginModule sufficient
debug=false;
de.uplanet.lucy.server.auth.module.intrexx.IntrexxLoginModule sufficient
debug=false;
en.uplanet.lucy.server.auth.module.anonymous.AnonymousLoginModule sufficient
debug=false;
};
7. restart Intrexx portal service
Copy the /bin subfolder from the existing htmlroot folder to the new htmlrootIntrexxAuth folder. 3.
Copy the web.config from the attachment into the new htmlrootIntrexxAuth folder.
4. create a new (second) standalone site in the IIS Manager with the appropriate binding (hostname / IP address) and specify the new htmlrootIntrexxAuth folder as the target directory (this is the page for the Intrexx authentication).
5. now activate "Authentication through IIS / Windows domain" in the Portal Manager under Users -> Configuration. This will automatically activate the additional option "Integrated Windows authentication".
6. in the LucyAuth.cfg under <portal>/internal/cfg/, change the entry, with a UTF8-capable editor (Notepad++), for IntegratedAuth as follows ***For alternative authentication combinations, please refer to the auth.txt in the attachment:
IntegratedAuth
{
en.uplanet.lucy.server.auth.module.integrated.IntegratedLoginModule sufficient
debug=false;
de.uplanet.lucy.server.auth.module.intrexx.IntrexxLoginModule sufficient
debug=false;
en.uplanet.lucy.server.auth.module.anonymous.AnonymousLoginModule sufficient
debug=false;
};
7. restart Intrexx portal service
Intrexx Version:
- 19.03
- SilentTrack
- SteadyTrack
Details:
Kategorie:Benutzerverwaltung
Betriebssystem:unspecific
Datenbank:unspecific
Stand von:04-08-2022