Knowledgebase
Configuring Foray Adams Authentication
Posted by Diane Hancock on 13 April 2016 03:50 PM

Foray Adams Authentication

Foray Adams supports either "Require Login" or "Integrated Windows Authentication" methods for authentication.  

"Require Login" = Foray Adams applications prompt the user to enter their domain credentials (i.e. user name and password)

"Integrated Windows Authentication" = Foray Adams applications do not prompt the user to enter their domain credentials as long as the credentials entered when they logged onto the machine are domain credentials.  This method is supported by Adams Web starting in Adams version "5.4 + Web Processing".

Both the Adams Web application configuration file (i.e. web.config) and the Adams Central Configuration need be modified to setup an authentication method. If the two configurations are not consistent, then when Adams Web is accessed, an error message will show stating that the two configuration are out sync.  The following sections explain how to configure each authentication method.  Pick the applicable section depending on whether login is required or not. These steps should be done anytime Foray Adams is initially setup or is upgraded.

Require Login Method

To configure the Require Login authentication method, on the Adams Web server, modify the Adams Central Configuration and IIS settings for Adams Web as follows.

  1. In Configure Adams > Edit Central Configuration
    1. Check "Require Users to Login"
    2. Select save
  2. In Internet Information Services (IIS) Manager
    1. Select Adams Web
    2. IIS > "Authentication"
    3. Disable "Windows Authentication".  If the "Windows Authentication" is not an option, then skip this step.
    4. Enable "Forms Authentication" and set the values as follows:
      1. Login URL: Login.aspx
      2. Authentication cookie time-out (in minutes):  20
      3. Cookie settings Mode: Use device profile
      4. Cookie settings Name: FORAYAUTH
      5. Protection mode: Encryption and validation
      6. Requires SSL: checked if the customer has set up a SSL certificate
      7. Extend cookie expiration on every request: checked
    5. Save
    6. ASP.NET > "Machine Key"
    7. For the Encryption method, select SHA1

Integrated Windows Authentication

To configure the Integrated Windows Authentication method, on the Adams Web server, modify the Adams Central Configuration and IIS settings for Adams Web as follows.  Note, this form of authentication will not work for customers that do processing with Adams Bridge from multiple domains.

  1. In Configure Adams > Edit Central Configuration
    1. Uncheck "Require Users to Login"
    2. Select save
  2. If Adams version "5.4 + WebProcessing" or later is installed, on the Adams Web server, open the Internet Information Services (IIS) Manager
    1. Select Adams Web
    2. IIS > "Authentication"
    3. Disable "Forms Authentication"
    4. Enable "Windows Authentication".  If the "Windows Authentication" is not an option, then go to the "Turn Windows Features On" option and select Internet Information Services > World Wide Web Services > Security and check the "Windows Authentication" option.
    5. With “Windows Authentication” selected, select “Advanced Settings…”. Uncheck the “Enable Kernel-mode authentication” checkbox. Select OK.
    6. Restart the Adams Web application pool.
  3. On each client machine that will connect to Adams Web, add the web server to the local intranet site list:
    1. In IE, go to Settings > Internet Options > Security > Local intranet > Sites > Advanced
    2. Add http://*.<domainname>.com or http://<servername>.<domainname>.com to the list
    3. Close and OK out
    4. For a domain see the KB article Set Local Intranet Sites List via Domain Group Policy
  4. On each client machine, verify that the "Automatic logon only in Intranet zone" or "Automatic logon with current user name and password" are selected for Local Intranet Zone.
    1. In IE, go to Settings > Internet Options > Security > Local intranet > Custom Level
    2. Scroll down to the bottom of the Settings pane
    3. Select either
      • User Authentication > Logon > Automatic logon only in Intranet Zone
      • OR 
      • User Authentication > Logon > Automatic logon with current user name and password
    4. OK out

Troubleshooting

See KB Can't Login to AdamsWeb

Adams Admin 5.6 or Later

For Adams Adam as long as the IIS and web.config settings are correct, then the login prompt is controlled by the "Require Login" checkbox in the central configuration. Here's how to verify the IIS and web.config settings for Adams Admin.

In IIS:

  • The authentication mode after installation should be Windows.  To verify and change:
    1. Sites > Default Web Site > Adams Admin
    2. Management > Configuration Editor
    3. Section > system.web > authentication
    4. mode = Windows
  • Anonymous and Windows Integrated Authentication should be enabled.  To verify and change:
    1. Sites > Default Web Site > Adams Admin
    2. IIS > Authentication
    3. Enable Anonymous Authentication
    4. Enable Windows Integrated Authentication
    5. Disable all other authentication modes
  • If you made changes, recycle the Adams Admin application pool

Comments (0)