Novell is now a part of Micro Focus

Using iChain to Protect a Sharepoint Site

Novell Cool Solutions: Tip
By Jim Goodall

Digg This - Slashdot This

Posted: 21 Feb 2007


Can I use iChain to protect a Sharepoint site?


Yes! If you want documents to open in MS office directly from the Sharepoint server however (not save a copy, work on it then upload it) you will need to configure iChain as follows:

1. On your iChain server, configure your authentication profile to "allow authentication through HTTP authorization header".

2. Check the "Use basic / proxy authentication" option. You need this so that the MS Office suite can authenticate to iChain; it is not possible for Office to authenticate using a web form.

3. Configure your IIS website that is hosting the Sharepoint site to allow basic authentication.

4. Pass the Sharepoint server a username it recognizes - either username@dominname or domainname\username.

I have achieved this by adding a userPrincipalName attribute to our iChain authentication eDirectory, and syncing the value over from Active Directory using DirXML. We then pass this by configuring OLAC for this accelerator as follows:

  • Name = iChain_UID
  • Data Source = LDAP
  • Value = userPrincipalName
  • Check the "http header" box

This will allow MS Office to authenticate. What you will notice is that because iChain uses a session cookie for authentication, you can open a Word document, for example, and you will be prompted to authenticate. On opening subsequent Word documents, you will not be asked to authenticate. Once you close Word, then open a new document, you will be prompted to authenticate again, as the session cookie has been destroyed.


  • iChain 2.3
  • Windows 2003 Domain (tested version)
  • Sharepoint 2003 (tested version)

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates