Configuring Single Sign-on for Dispatcher Paragon Payment System
Overview
This article describes the steps that have to be performed in order to set up Single Sign-on (SSO) for the Dispatcher Paragon Payment System web interface. Configuring SSO requires advanced knowledge of the system configuration and of working with the configuration files.
Prerequisites
The following prerequisites have to be met:
- Dispatcher Paragon Payment System has to be installed on a server that is part of the domain. SSO asks the system to authenticate the user.
- Dispatcher Paragon Payment System has to be connected with Dispatcher Paragon. SSO is not supported in standalone mode of Dispatcher Paragon Payment System.
- All users who want to use SSO must have a Windows user with the same name as their username in Dispatcher Paragon Management (e.g. Windows domain name "MY_COMPANY/johndoe" should have Dispatcher Paragon username "johndoe").
Configuration
To use Dispatcher Paragon Payment System with SSO, you have to configure both the system and your browser.
Dispatcher Paragon Payment System configuration
SSO authentication has to be enabled in the Dispatcher Paragon Payment System configuration file with the following option:
sign-on.type=sso-sign-on
For more details about Dispatcher Paragon Payment System configuration, see Advanced configuration of Dispatcher Paragon Payment System#Overview.
Browser configuration
Firefox
- Type about:config in the address bar and press Enter.
- Type network.negotiate-auth.trusted-uris in the Filter box.
- Put your server name as the value. If you have more than one server, you can enter them all as a comma-separated list (e.g. https://localhost).
- Close the tab.
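An added example, not part of the original article or of the product: a small Python check for a network.negotiate-auth.trusted-uris value before it is rolled out, flagging entries that are not pinned to https:// and to a known server, since the browser attempts integrated authentication with every site the list matches. The function name, the host paragon-pay.example.internal and the sample value are constructed for illustration.

```python
from urllib.parse import urlsplit


def audit_trusted_uris(pref_value, expected_hosts):
    """Return (entry, problem) pairs for a comma-separated
    network.negotiate-auth.trusted-uris value."""
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for raw in pref_value.split(","):
        entry = raw.strip()
        if not entry:
            findings.append((entry, "empty entry (stray comma)"))
            continue
        try:
            # Parse scheme-less entries as host[:port] by giving urlsplit a netloc.
            parts = urlsplit(entry if "://" in entry else "//" + entry)
        except ValueError:
            findings.append((entry, "unparseable entry"))
            continue
        host = (parts.hostname or "").lower()
        if not parts.scheme:
            findings.append((entry, "no scheme; pin the entry to https://"))
        elif parts.scheme != "https":
            findings.append((entry, "scheme is not https"))
        if not host:
            findings.append((entry, "no host; entry is not limited to one server"))
        elif host not in expected:
            findings.append((entry, "host is not an expected SSO server"))
    return findings


if __name__ == "__main__":
    # Constructed sample value; paragon-pay.example.internal is a placeholder.
    sample = ("https://localhost, https://, paragon-pay.example.internal, "
              "http://paragon-pay.example.internal,")
    servers = ["localhost", "paragon-pay.example.internal"]
    for entry, problem in audit_trusted_uris(sample, servers):
        print(f"{entry!r}: {problem}")
```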
Internet Explorer
Ensure that Integrated Windows Authentication is enabled.
- Open the Control Panel > Network and Internet > Internet Options.
- Click the Advanced tab.
- Scroll down to Security.
- Check Enable Integrated Windows Authentication.
- Restart the browser.
The target website must be in the Intranet Zone.
- Open the Control Panel > Network and Internet > Internet Options.
- Click the Security tab.
- Click the Local Intranet icon.
- Click the Sites button.
- (only for Windows 8) Check Automatically detect intranet network.
- For localhost, click Advanced.
- Add your server name to the list (e.g. https://localhost/).
- Restart the browser.
Chrome
Same as Internet Explorer.
Usage
Local access
You only have to set up your environment according to the Configuration section and start using the system. You are automatically signed in with your domain credentials.
Remote access
When you access Dispatcher Paragon Payment System from the outside world with a browser and SSO is used, a popup window with a form for your domain credentials is displayed. Type your domain credentials into the form; you then do not need to sign in to the system separately, because your domain credentials are used for it.
Change signed in user
Because SSO signs you in automatically, you do not have a chance to directly choose the signed-in user. A sign out button is displayed in the top-right corner. Click the sign out button and you are redirected to the sign-in page, where you can type the credentials you want.
Sign in back by SSO
In order to sign in with your Windows account, go to the login page of one of the Dispatcher Paragon Payment System web interfaces (Dispatcher Paragon Payment System Administration web interface, Cash Desk web or Dispatcher Paragon end user interface) and click the link Log in as current Windows user. This action should log you in to the web interface as the currently logged-in Windows user.
Limitations
SSO only in combination with Dispatcher Paragon
SSO for Dispatcher Paragon Payment System can be used only in combination with Dispatcher Paragon. The SSO is not supported for standalone mode of Dispatcher Paragon Payment System.