Phil > I’ve read that in IIS both Anonymous and Windows > Authentication should be enabled, but if I enable Anonymous > authentication > the login page is > always displayed to the users stopping SSO from working.
I'm pleased the JSS documentation was of assistance :-) Unfortunately, this advice isn't relevant to the community code. IIS front ends are a limited. Additional effort is required to secure it and build a solution meeting your requirements. This is why we've developed our own IWA adapter, a fully featured Kerberos/NTLMv2 solution for maximum interoperability. We recommend it to all AD integrations because IIS offers nothing to the majority of IWA installations. And then you have other issues, such as what happens when a user doesn't exist in ITSM? Most users don't want to see a login screen - it promotes a call to the help desk. And if they call the help desk, what are they going to say? It's much better to have incidents automatically raised against the actual error (no account, account locked, NTLM/Kerberos failure, etc) so the incident is both known to the support desk and routed to the correct team . The "community code" is good for small installations, proof of concepts, etc. It's not something suitable for an enterprise environment. John _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
