Can I use iChain to protect a Sharepoint site?


Yes! However, if you want documents to open in MS Office directly from the Sharepoint server (rather than saving a copy, working on it, and then uploading it), you will need to configure iChain as follows:

1. On your iChain server, configure your authentication profile to “allow authentication through HTTP authorization header”.

2. Check the “Use basic / proxy authentication” option. You need this so that the MS Office suite can authenticate to iChain; it is not possible for Office to authenticate using a web form.

3. Configure your IIS website that is hosting the Sharepoint site to allow basic authentication.

4. Pass the Sharepoint server a username it recognizes – either username@domainname or domainname\username.

I have achieved this by adding a userPrincipalName attribute to our iChain authentication eDirectory, and syncing the value over from Active Directory using DirXML. We then pass this by configuring OLAC for this accelerator as follows:

  • Name = iChain_UID
  • Data Source = LDAP
  • Value = userPrincipalName
  • Check the “http header” box

This will allow MS Office to authenticate. What you will notice is that because iChain uses a session cookie for authentication, you can open a Word document, for example, and you will be prompted to authenticate. On opening subsequent Word documents, you will not be asked to authenticate. Once you close Word, then open a new document, you will be prompted to authenticate again, as the session cookie has been destroyed.
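A check for the setup above, as an added example that is not part of the original tip or of any iChain tooling: it tests whether a response is a Basic challenge that Office can answer (steps 1 and 2) rather than a redirect to a web form, and whether a Basic credential carries the username in one of the two forms step 4 requires. The sample responses, host name and usernames are constructed, and it assumes the proxy answers an unauthenticated request with a standard 401 Basic challenge.

```python
import base64

# Constructed sample responses (not captured from a real iChain server).
BASIC_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="sharepoint"\r\n'
    "Content-Length: 0\r\n\r\n"
)
FORM_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://proxy.example.com/login-form\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_head(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    status_line, *lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers

def offers_basic(raw):
    """True only for a 401 whose WWW-Authenticate offers the Basic scheme."""
    status, headers = parse_head(raw)
    # Simplification: looks at the first scheme on each WWW-Authenticate line.
    schemes = [v.split(None, 1)[0].lower()
               for v in headers.get("www-authenticate", []) if v]
    return status == 401 and "basic" in schemes

def username_form(authorization):
    """Classify the username inside a Basic Authorization header value."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return "not-basic"
    try:  # Basic credentials are base64("user:password"), not encrypted
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return "malformed"
    user = decoded.partition(":")[0]
    if "\\" in user:
        return "domain\\user"        # domainname\username
    return "upn" if "@" in user else "bare"

def basic_header(user, password):
    """Build a Basic Authorization header value for test input."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

A result of `bare` from `username_form` means the username is in neither of the two forms listed in step 4.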


  • iChain 2.3
  • Windows 2003 Domain (tested version)
  • Sharepoint 2003 (tested version)

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Feb 21, 2007
6:40 am