Can I use iChain to protect a Sharepoint site?
Yes! If you want documents to open in MS office directly from the Sharepoint server however (not save a copy, work on it then upload it) you will need to configure iChain as follows:
1. On your iChain server, configure your authentication profile to "allow authentication through HTTP authorization header".
2. Check the "Use basic / proxy authentication" option. You need this so that the MS Office suite can authenticate to iChain; it is not possible for Office to authenticate using a web form.
3. Configure your IIS website that is hosting the Sharepoint site to allow basic authentication.
4. Pass the Sharepoint server a username it recognizes - either username@dominname or domainname\username.
I have achieved this by adding a userPrincipalName attribute to our iChain authentication eDirectory, and syncing the value over from Active Directory using DirXML. We then pass this by configuring OLAC for this accelerator as follows:
- Name = iChain_UID
- Data Source = LDAP
- Value = userPrincipalName
- Check the "http header" box
This will allow MS Office to authenticate. What you will notice is that because iChain uses a session cookie for authentication, you can open a Word document, for example, and you will be prompted to authenticate. On opening subsequent Word documents, you will not be asked to authenticate. Once you close Word, then open a new document, you will be prompted to authenticate again, as the session cookie has been destroyed.
- iChain 2.3
- Windows 2003 Domain (tested version)
- Sharepoint 2003 (tested version)
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.