Using iChain to Protect a Sharepoint Site
Novell Cool Solutions: Tip
By Jim Goodall
Digg This -
Posted: 21 Feb 2007
Can I use iChain to protect a Sharepoint site?
Yes! If you want documents to open in MS office directly from the Sharepoint server however (not save a copy, work on it then upload it) you will need to configure iChain as follows:
1. On your iChain server, configure your authentication profile to "allow authentication through HTTP authorization header".
2. Check the "Use basic / proxy authentication" option. You need this so that the MS Office suite can authenticate to iChain; it is not possible for Office to authenticate using a web form.
3. Configure your IIS website that is hosting the Sharepoint site to allow basic authentication.
4. Pass the Sharepoint server a username it recognizes - either username@dominname or domainname\username.
I have achieved this by adding a userPrincipalName attribute to our iChain authentication eDirectory, and syncing the value over from Active Directory using DirXML. We then pass this by configuring OLAC for this accelerator as follows:
- Name = iChain_UID
- Data Source = LDAP
- Value = userPrincipalName
- Check the "http header" box
This will allow MS Office to authenticate. What you will notice is that because iChain uses a session cookie for authentication, you can open a Word document, for example, and you will be prompted to authenticate. On opening subsequent Word documents, you will not be asked to authenticate. Once you close Word, then open a new document, you will be prompted to authenticate again, as the session cookie has been destroyed.
- iChain 2.3
- Windows 2003 Domain (tested version)
- Sharepoint 2003 (tested version)