Using iChain to Protect a Sharepoint Site

Novell Cool Solutions: Tip
By Jim Goodall

Digg This - Slashdot This Posted: 21 Feb 2007

Problem

Can I use iChain to protect a Sharepoint site?

Solution

Yes! If you want documents to open in MS office directly from the Sharepoint server however (not save a copy, work on it then upload it) you will need to configure iChain as follows:

1. On your iChain server, configure your authentication profile to "allow authentication through HTTP authorization header".

2. Check the "Use basic / proxy authentication" option. You need this so that the MS Office suite can authenticate to iChain; it is not possible for Office to authenticate using a web form.

3. Configure your IIS website that is hosting the Sharepoint site to allow basic authentication.

4. Pass the Sharepoint server a username it recognizes - either username@dominname or domainname\username.

I have achieved this by adding a userPrincipalName attribute to our iChain authentication eDirectory, and syncing the value over from Active Directory using DirXML. We then pass this by configuring OLAC for this accelerator as follows:

• Name = iChain_UID
• Data Source = LDAP
• Value = userPrincipalName
• Check the "http header" box

This will allow MS Office to authenticate. What you will notice is that because iChain uses a session cookie for authentication, you can open a Word document, for example, and you will be prompted to authenticate. On opening subsequent Word documents, you will not be asked to authenticate. Once you close Word, then open a new document, you will be prompted to authenticate again, as the session cookie has been destroyed.

Environment

• iChain 2.3
• Windows 2003 Domain (tested version)
• Sharepoint 2003 (tested version)

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com