Setting up Single Sign-On (SSO)

Single Sign-On (SSO) enables the user to automatically login without having to enter their username or password. From versiondog version 6.5 onwards, the administrator has the option to activate Single Sign-On. The network protocol Kerberos is used in Single Sign-On authentication.

Requirements

We recommend using SSO in conjunction with CSC encryption.

Activation in account policies under AdminClient:

Settings are saved by clicking on OK .

If an error should occur, this will be displayed in an error message as well as entered in the event viewer as “Info”.

SSO will remain even if the error message is active.

If you receive an error message and have no authorization on the AD, proceed as follows:

  1. Activate SSO on the server using the following steps: AdminClient > User management > Account policies > Single Sign-On via Kerberos.
  2. Ignore the error message that the name could not be registered (versiondog will still activate SSO anyway).

  1. You should now contact your domain administrator in the next step.

There are two possible ways to set the SPN attribute:

Automatic option

The AD user, that will be used to start the VDogMasterService, has write and read access. versiondog sets the attribute itself if you have sufficient authorization.

Manual option

The domain administrator assigns the attribute SPN in the Active Directory to the user under which the VDogMasterService is to be started. Point it to the following SPN format:versiondog/<VDServername>.<FQDN>.

Proceed as follows:

  1. Open the ADSI editor on the domain controller: Proceed as follows: Control Panel> System and Security> Management> ADSI editor.
  2. Establish the connection to the versiondog server domain.
  3. Search for the versiondog service user and then open properties (right click).
  4. In the attribute editor, search for the entry servicePrincipalName and then click on Edit.
  5. Store the Service Principal Name (SPN) for every versiondog server .

    Format: versiondog/<VDServername>.<FQDN>.


  1. Restart the versiondog services.
  2. SSO will now work.

Login using SSO

When logging in for the first time, proceed as follows:

  1. In the login window, select the necessary server settings located under the drop-down option Server.

  1. Then activate the checkbox Single Sign-On in the login dialogue Server configuration.

  1. Click on Save and Close to finish the configuration.
  2. In the login window, you will find the sections username, password and domain deactivated.
  3. By clicking on Log in, you can login without entering anything.
  4. SSO can also be used for local login on your computer under Local. The requirement for local login is fulfilled, if you have logged on to the versiondog server once before and the checkbox Single Sign-On is activated.

At the next restart, you will be logged in automatically.

The webserver in versiondog does not support SSO.

Single Sign-On can be activated in the server configuration in the file Csc_<Servername>-Server.ini. The file can be found in the Server archive under: \vdog client setup\configC\VD$A\Configuration\csc_<Servername>-Server.ini. Open the file Csc_<Servername>-Server.ini. Insert the section [Common] and the key SingleSignOn=Y. Start the installation from the network share on the server.

Logging out of the versiondog client

You can log out of the versiondog clients to change the user or the versiondog server. For this purpose, the Log out button was implemented on the clients under the File tab (exception EasyClient).