How can I configure Service Desk so that users who log in through the Web Client do not have to enter their Windows login credentials again?

Document ID : KB000055382
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This document will help you set up Service Desk so that the users will not have to enter their login credentials when they use the Service Desk Web Client. User validation is done via the Windows login information.

Solution:

First, configure the users records so that they have a valid "System Login" in their contact record. Without this, the Web Client will not know which operating system login corresponds to which Service Desk contact.

Now, Change the "Access Type" which the users belong to so that it uses operating system authentication.

  • Log into the Web Client as an administrator.

  • Expand the "Security" leaf in the menu on the right hand side, and choose "Access Types". (In this example, we'll use the "Analyst" access type).

  • Click on "Edit", then click on the "Web Authentication" tab.

  • Tick "Allow External Authentication" and select "OS - Use Operating System Authentication" from the drop down list.

    Figure 1


  • Save this change and close the Web Client.

This means that when a user logs in, the Web Client will lookup the users operating system login credentials in the Contact table and will log them in as the appropriate Service Desk user.

The next step is to make the Web Server accept the Windows credentials and pass them on to Service Desk.

For IIS:

  • Start the IIS Manager, and expand the web sites leaf until you get to the CAisd virtual directory.

  • Right-click on this and select "Properties".

  • Click on the "Directory Security" tab and click on the edit button under "Authentication and access control".

  • De-select "Enable Anonymous Access" and select "Integrated Windows Authentication".

    Figure 2


  • Click "OK", "OK".

  • Stop and restart the Web Site.

  • That is all you need to do for IIS. If you now run the Web Client, it should log you straight in to Service Desk.

Please note that the procedure below does not work on Windows Vista, due to some changes in Windows security.

For Tomcat:

  • Download the latest jcifs.jar file from http://jcifs.samba.org/. (At the time of writing, this is jcifs-1.2.9.jar)

  • Copy this file to the $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory.

  • Edit the file NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\web.xml, and locate the line:
    <!-- Add filter here -->
  • Add the following text immediately under this line:
    <filter><filter-name>NtlmHttpFilter</filter-name><filter-class>jcifs.http.NtlmHttpFilter</filter-class><init-param><param-name>jcifs.http.domainController</param-name><param-value>**domain_name**</param-value></init-param></filter>
  • Replace the string **domain_name** with either your domain name (eg. ca.com) or your domain controller hostname (eg. dc1).

  • Locate the line:
    <!-- Add filter-mapping here -->
  • Add the following text immediately after this line:
    <filter-mapping><filter-name>NtlmHttpFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  • Save the new web.xml file.

  • Stop and restart the Tomcat web server ("pdm_tomcat_nxd -c stop" then "pdm_tomcat_nxd -c start").

Once you have made these changes, you will be able to fire up the Service Desk Web Client and be logged in without having to enter your login details.

Other Relevant Information:

If you need more information about setting up the Tomcat client properties filter (using WINS or netbios etc.) using jcifs, two useful resources are http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp.