Single Sign-On (SSO) enables users to log in automatically without having to enter their username or password. From versiondog version 6.5 onwards, the administrator has the option to activate Single Sign-On. Single Sign-On authentication uses the Kerberos network protocol.
- The client and server need to be in the same server domain or in a domain with two-way trust.
- The client computer must be logged into Windows with a user from the Active Directory (AD).
- The server service needs to be started using a user from the Active Directory. The user will require an SPN (Service Principal Name) in their attributes (see also Activation in account policies).
- Active Directory users need to have been set up in versiondog (see also AD Sync).
We recommend using SSO in conjunction with CSC encryption.
Settings are saved by clicking on OK.
If an error occurs, it is displayed in an error message and also entered in the Event Viewer as “Info”.
SSO remains activated even if the error message is displayed.
If you receive an error message and have no authorization on the AD, proceed as follows:
- Activate SSO on the server using the following steps: AdminClient > User management > Account policies > Single Sign-On via Kerberos.
Ignore the error message that the name could not be registered (versiondog will still activate SSO anyway).
- Then contact your domain administrator.
There are two possible ways to set the SPN attribute:
- The AD user that will be used to start the VDogMasterService has read and write access. versiondog sets the attribute itself if you have sufficient authorization.
- The domain administrator assigns the SPN attribute in the Active Directory to the user under which the VDogMasterService is to be started. Use the following SPN format: versiondog/<VDServername>.<FQDN>.
Proceed as follows:
- Open the ADSI editor on the domain controller: Control Panel > System and Security > Management > ADSI editor.
- Establish the connection to the versiondog server domain.
- Search for the versiondog service user and then open properties (right click).
- In the attribute editor, search for the entry servicePrincipalName and then click on Edit.
Store the Service Principal Name (SPN) for every versiondog server.
- Restart the versiondog services.
SSO will now work.
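A check that the SPN is registered exactly once and on the intended service user, as an added example that is not part of the versiondog documentation. The server name, domain suffix and account name are placeholder assumptions, and the search covers only the current domain.

```powershell
# Added example. Placeholder values below are assumptions, not taken from the page.
function Test-VersiondogSpn {
    param(
        [string]$ServerName     = 'VDSERVER01',        # stands in for <VDServername>
        [string]$DomainSuffix   = 'corp.example.com',  # stands in for <FQDN>
        [string]$ServiceAccount = 'svc-versiondog'     # sAMAccountName of the service user
    )

    # SPN in the format given above: versiondog/<VDServername>.<FQDN>
    $spn = "versiondog/${ServerName}.${DomainSuffix}"

    # Escape LDAP filter metacharacters so the value is matched literally.
    $escaped = [regex]::Replace($spn, '[\\*()]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })

    # Find every account in the current domain that carries this SPN.
    $searcher = [adsisearcher]"(servicePrincipalName=$escaped)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    [void]$searcher.PropertiesToLoad.Add('distinguishedname')
    $owners = @($searcher.FindAll() | ForEach-Object {
        [pscustomobject]@{
            Account = [string]$_.Properties['samaccountname'][0]
            DN      = [string]$_.Properties['distinguishedname'][0]
        }
    })

    # Kerberos needs the SPN to map to exactly one account: the service user.
    $status = if ($owners.Count -eq 0) {
        'Missing: SPN is not registered; ask the domain administrator to set it'
    } elseif ($owners.Count -gt 1) {
        'Duplicate: SPN is on several accounts; Kerberos needs it to be unique'
    } elseif ($owners[0].Account -ne $ServiceAccount) {
        'Mismatch: SPN is registered on a different account than the service user'
    } else {
        'OK: SPN is registered once, on the service user'
    }

    [pscustomobject]@{ Spn = $spn; Status = $status; Owners = $owners }
}

Test-VersiondogSpn | Format-List
```

Run it from a domain-joined machine after the attribute has been set and before restarting the versiondog services.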
Login using SSO
When logging in for the first time, proceed as follows:
- In the login window, select the necessary server settings located under the drop-down option Server.
- Then activate the checkbox Single Sign-On in the login dialogue Server configuration.
- Click on Save and Close to finish the configuration.
- In the login window, the fields username, password and domain are now deactivated.
- By clicking on Log in, you can log in without entering anything.
- SSO can also be used for local login on your computer under Local. The requirement for local login is fulfilled if you have logged on to the versiondog server once before and the checkbox Single Sign-On is activated.
At the next restart, you will be logged in automatically.
The webserver in versiondog does not support SSO.
Single Sign-On can be activated in the server configuration in the file Csc_<Servername>-Server.ini. The file can be found in the Server archive under: \vdog client setup\configC\VD$A\Configuration\csc_<Servername>-Server.ini. Open the file Csc_<Servername>-Server.ini. Insert the section [Common] and the key SingleSignOn=Y. Start the installation from the network share on the server.
Logging out of the versiondog client
You can log out of the versiondog clients to change the user or the versiondog server. For this purpose, the Log out button was implemented on the clients under the File tab (except in the EasyClient).