Integrated Windows Authentication browser requirements
If you have problems with IWA, verify the following:
- Internet Explorer
- Add the URL to Local intranet zone
AD SSO might not work if your browser does not consider the server as a Local intranet site. Make sure you add your service domain URL (e.g. verba.company.com) to Local intranet zone in Internet Explorer. This step is usually not required, because Internet Explorer is able to recognize local intranet sites.Go to Tools > Internet Options > Security
Select the Local intranet icon and click Sites
Click Advanced and add the URL of the server (for example: http://verbaserver.com). - Strange error pages with HTTP Status 401
Internet Explorer users may occasionally receive strange error pages after logged in to Verba using Single Sign On. Unfortunately, the cause of the issue is an Internet Explorer feature and can be solved on the client computer only. Microsoft has confirmed that this is a problem with the Microsoft products.
The only workaround currently is to disable NTLM Pre-Authentication on the client computer:Use Registry Editor (Regedt32.exe) to add a value to the following registry key: HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/
Add the following registry value:
Value Name: DisableNTLMPreAuth
Data Type: REG_DWORD
Value: 1
A description and the same workaround from Microsoft can be read here:Â http://support.microsoft.com/kb/2749007Â
- Ensure that "Enable Integrated Windows Authentication" is checked (by default it is).
Go to Tools > Internet Options > Advanced
Scroll down to the Security section
Find "Enable Integrated Windows Authentication" and ensure that it is checked.
- Add the URL to Local intranet zone
- Firefox
- If SSO does not work (ie. an unexpected login box appears, or HTTP 401 error comes up), probably the Verba server has to be added to the trusted SSO servers.
At the address field, type about:config
In the Filter, type network.n
Double click on network.negotiate-auth.trusted-uris
This preference lists the sites that are permitted to engage in SPNEGO Authentication with the browser
Enter a comma-delimited list of trusted domains or URLs (for example: http://verbaserver.com).
- If SSO does not work (ie. an unexpected login box appears, or HTTP 401 error comes up), probably the Verba server has to be added to the trusted SSO servers.
- Chrome
- Everything should work properly without any configuration.
Â
If you are facing issues using the IWA login via Chrome and IE as well, please consider using the hostname of the server instead of the IP address.