Changes for page Einmalanmeldung

From 6.1 to 6.2

From version 1.1

edited by MKO
on 20.01.2021, 16:20

Change comment: Imported from XAR

To version 6.1

edited by MKO
on 20.05.2022, 10:29

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -1,5 +1,13 @@
++//Single sign-on// for {{smallcaps}}Ntlm{{/smallcaps}} and Kerberos is a {{formcycle/}} license module which is subject to additional costs.
++
  {{content/}}
++{{warning}}
++We would like to inform you that in future we will say goodbye to {{smallcaps}}Ntlm{{/smallcaps}} as an option for single sign-on. We are following a general recommendation from Microsoft, according to which {{smallcaps}}Ntlm{{/smallcaps}} should no longer be used by applications in the future due to insufficient security mechanisms ([[statement from Microsoft>>https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/1e846608-4c5f-41f4-8454-1b91af8a755b?redirectedfrom=MSDN||rel="noopener noreferrer" target="_blank"]] or [[statement in the forum>>https://answers.microsoft.com/en-us/msoffice/forum/all/ntlm-vs-kerberos/d8b139bf-6b5a-4a53-9a00-bb75d4e219eb||rel="noopener noreferrer" target="_blank"]] under Chapter 3). Microsoft then published patches to improve security, but these will no longer work with the current {{smallcaps}}Ntlm{{/smallcaps}} implementation in FORMCYCLE. Since it is not recommended to continue using the module, we will stop further development of the module from FORMCYCLE version 7 onwards.
++
++For existing customers we offer to switch to Kerberos for free. The activation for Kerberos is done automatically in the licence of V7, if {{smallcaps}}Ntlm{{/smallcaps}} has already been licensed.
++{{/warning}}
++
  {{figure image="single_sign_on_ntlm_en.png" width="600"}}
  User interface for setting up {{smallcaps}}Ldap{{/smallcaps}} authentication via {{smallcaps}}Ntlm{{/smallcaps}}. Available only if the license allows it.
  {{/figure}}
@@ -66,7 +66,7 @@
  A computer account is recognizable by the '$' character in the domain name. e.g. example$@domain.de
  {{/info}}
--Help pages of ca technologies on [[creating a computer account for NTLM authentication on active directory server.>>https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/policy-assertions/assertion-palette/access-control-assertions/require-ntlm-authentication-credentials-assertion/creating-a-computer-account-for-ntlm-authentication.html||rel="__blank" title="Creating a Computer Account for NTLM Authentication"]]
++We are currently unable to provide a description of the procedure for creating a computer account in the Active Directory server and this must be referred from external sources in the relevant documentation.
  === computer account password ===
@@ -140,10 +140,9 @@
  {{/info}}
  {{info}}
--To this user you must, in Active Directory for example, register the Domians to be used as ServiePrincipalName beginning with the service class HTTP. You can find more information [[here>>https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spn-setspn-syntax.aspx||target="_blank"]] or [[here>>https://docs.microsoft.com/en-us/windows-server/networking/sdn/security/kerberos-with-spn||target="_blank"]].
++To this user you must, in Active Directory for example, register the **hosts of the urls **and the **computer name** to be used as ServiePrincipalName beginning with the service class HTTP. You can find more information [[here>>https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spn-setspn-syntax.aspx||rel="noopener noreferrer" target="_blank"]] or [[here>>https://docs.microsoft.com/en-us/windows-server/networking/sdn/security/kerberos-with-spn||rel="noopener noreferrer" target="_blank"]].
  {{/info}}
--(% class="wikigeneratedid" %)
  === Password ===
  Password of the service account.