Using iChain to Protect a Sharepoint Site



By: jimgoodall

February 21, 2007 6:40 am


Problem

Can I use iChain to protect a Sharepoint site?

Solution

Yes! However, if you want documents to open in MS Office directly from the Sharepoint server (rather than saving a copy, working on it, and then uploading it), you will need to configure iChain as follows:

1. On your iChain server, configure your authentication profile to “allow authentication through HTTP authorization header”.

2. Check the “Use basic / proxy authentication” option. You need this so that the MS Office suite can authenticate to iChain; it is not possible for Office to authenticate using a web form.

3. Configure your IIS website that is hosting the Sharepoint site to allow basic authentication.

4. Pass the Sharepoint server a username it recognizes – either username@domainname or domainname\username.

I have achieved this by adding a userPrincipalName attribute to our iChain authentication eDirectory, and syncing the value over from Active Directory using DirXML. We then pass this by configuring OLAC for this accelerator as follows:

  • Name = iChain_UID
  • Data Source = LDAP
  • Value = userPrincipalName
  • Check the “http header” box

This will allow MS Office to authenticate. What you will notice is that because iChain uses a session cookie for authentication, you can open a Word document, for example, and you will be prompted to authenticate. On opening subsequent Word documents, you will not be asked to authenticate. Once you close Word, then open a new document, you will be prompted to authenticate again, as the session cookie has been destroyed.
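As a check on steps 2 and 4, the following added example (not part of the original article and not Novell/NetIQ code) classifies how a proxy answers an unauthenticated request and whether a username is in one of the two formats Sharepoint accepts. The sample responses, host names and function names are constructed for illustration, and it assumes a form login shows up as a redirect to a login page.

```python
import re

# Accepted logon-name shapes from step 4: user@domain (UPN) or DOMAIN\user.
UPN_RE = re.compile(r"^[^@\\\s]+@[^@\\\s]+$")
DOWNLEVEL_RE = re.compile(r"^[^@\\\s]+\\[^@\\\s]+$")


def logon_name_format(name):
    """Return 'upn', 'down-level', or None for a bare/unrecognised name."""
    if UPN_RE.match(name):
        return "upn"
    if DOWNLEVEL_RE.match(name):
        return "down-level"
    return None


def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, {header: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        key, _, value = line.partition(":")
        headers.setdefault(key.strip().lower(), []).append(value.strip())
    return status, headers


def classify_auth_response(raw):
    """Say how the proxy asked an unauthenticated client to log in."""
    status, headers = parse_response_head(raw)
    if status == 401:
        schemes = [v.split()[0].lower() for v in headers.get("www-authenticate", []) if v]
        return "basic-challenge" if "basic" in schemes else "other-challenge"
    if status in (301, 302, 303, 307) and "location" in headers:
        return "form-redirect"  # a login page Office cannot fill in
    return "no-challenge"


# Constructed sample responses (not captured from a real iChain server).
BASIC = 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="example"\r\n\r\n'
FORM = "HTTP/1.1 302 Found\r\nLocation: https://proxy.example/login\r\n\r\n"

if __name__ == "__main__":
    print(classify_auth_response(BASIC), classify_auth_response(FORM))
    print(logon_name_format("jsmith@example.local"), logon_name_format("jsmith"))
```

A "form-redirect" result for the accelerator URL means Office will not be able to log in; a bare username with no domain part returns `None` and would not match either format from step 4.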

Environment

  • iChain 2.3
  • Windows 2003 Domain (tested version)
  • Sharepoint 2003 (tested version)

Categories: Access Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
