How To: Configure the Service Portal to use an Integrated Login

Version 6

    Verified Product Versions

    Service Desk 7.7.x

    Using integrated login, when you log in to your Windows domain, you can also log in to LANDesk® Portal.




    There are five stages to using integrated login for LANDesk® Portal. More details are provided for each step after the summary below.


    1. Associate the users with a network login in the LANDesk® Service Desk Console.

    2. Create a new touchpaper framework that will run as an integrated service.

    3. Configure IIS to use Integrated Windows authentication.

    4. Configure TPS to use the IntegratedOnly login policy.

    5. Configure LANDesk® Portal to use Windows authentication.




    To associate Console users with a network login:


    1. In the Administration module of the LANDesk® Service Desk Console, display the User Management tree.

    2. Click on the required user.

    3. From the Actions menu click the Add Network Login.

    4. In the Network Login window enter the network login for that user in the format domain\username.

    5. Save the changes, and repeat for the other users.



    NOTE: It is a good idea to associate a network login to the SA account.  This way it is still possible to login to the portal as SA.




    To create a new integrated framework service.


    1. Copy the existing services files to a new folder.

      1. The existing folder will be located at c:\Inetpub\wwwroot . By default the folder is named Touchpaper.Framework.Web.

      2. Right click that folder and select Copy.

      3. Right click some empty space in the wwwroot folder and click paste.

      4. This will create a new folder called Copy of Touchpaper.Framework.Web.

    2. Rename the newly created folder to something that will let you know that it is an integrated service.  Example. Touchpaper.Framework.Web.Int.

    3. From the Administrative Tools section of Windows Control Panel, start the Internet Internet Information Services Manager.

    4. Expand the Web Sites folder.

    5. Right click on the Default Web Site globe.

    6. Select New - Virtual Directory.

      1. The Virtual Directory Creation Wizard window opens.

    7. Click Next.

    8. In the Alias: window type in the name of the newly created folder.  Example: Touchpaper.Framework.Web.Int

    9. Click Next.

    10. Click the Browse button to browse to the newly created folder.

    11. Select the newly created folder.

    12. Click OK.

    13. Click Next.

    14. On the permissions window Select Read and *Run scripts (such as ASP).

    15. Click Next.

    16. Click Finish.

    17. Once the Virtual Directory has been created right click the directory.

    18. Select Properties.

      1. The properties windows opens.

    19. Select the ASP.NET tab.

    20. In the ASP.NET version drop down, make sure that 2.0.50727 is selected.

    21. Click on the Directory Security tab

    22. Under Authentication and Access Control, click the Edit button

    23. Uncheck the box for Enable Anonymous Access

    24. Check the box for Integrated Windows Authentication

    25. Click OK

    26. Click OK.

    27. Open the following folder:  C:\Documents and Settings\All Users\Application Data\Touchpaper. (For Windows 2008 Server C:\ProgramData\Touchpaper)

    28. Copy that folder.

    29. Rename the new folder exactly the same as the name of the new Virtual Directory created earlier.




    To configure IIS to use Integrated Windows authentication:


    1. From the Administrative Tools section of Windows Control Panel on the web server running LANDesk® Portal, start the Internet Information Services applet.

    2. Right-click the LANDesk® Portal virtual directory, then click Properties on the shortcut menu.

      1. The Properties dialog box appears.

    3. On the Directory Security tab, in the Anonymous access and authentication group box, click Edit.

      1. The Authentication Methods dialog box appears.

    4. Clear the Anonymous access check box, and select the Integrated Windows authentication check box.

    5. Save the changes.




    For integrated login to work for LANDesk® Portal, Touchpaper Services must be using the IntegratedOnly login policy. If you did not choose this when you installed Touchpaper Services, you can change it using the procedure below.




    To configure TPS to use the IntegratedOnly login policy:


    1. On the web server that is running Touchpaper Services, open the XML file tps.config from the folder C:\DocumentsandSettings\AllUsers\ApplicationData\Touchpaper\ Touchpaper.Framework.Web \ in a text editor such as Notepad. (Where Touchpaper.Framework.Web is the name of the virtual directory where you have installed Touchpaper Services). (For Windows 2008 Server C:\ProgramData\Touchpaper)

    2. Change the line describing the logonPolicy to

      <add key="LogonPolicy" value="IntegratedOnly" />


    3. Save the changes.




    Finally, you configure LANDesk® Portal to use Windows authentication by editing another XML file.




    To configure LANDesk® Portal to use Windows authentication:


    1. From the folder where LANDesk® Portal is installed on your web server, open the XML file Web.config in a text editor such as Notepad.

    2. Find the line containing the &lt;!--  AUTHENTICATION tag.

    3. Web.config contains two authentication tags next to each other, with one commented out using &lt;!-- and --&gt;.

    4. Comment out the Forms authentication tag and remove the comment markers from around the Windows authentication tag:


    If you want to use...


    integrated login

    &lt;authentication mode="Windows" /&gt;


    &lt;deny users="?" /&gt;


    &lt;identity impersonate="true" /&gt;

    explicit login

    &lt;authentication mode="Forms"&gt;

    &lt;forms name=".ASPXAUTH" protection="All" timeout="60" /&gt;





    <authentication mode="Forms">  <forms name=".ASPXAUTH" protection="All" timeout="60" />  </authentication>    <!--OR--> <authentication mode="Windows" />  <authorization>  <deny users="?" />  </authorization> <identity impersonate="true" />


       5.  Save the changes and restart IIS.




    From now on, each time you start LANDesk® Portal, you will automatically log in to the system.


    If the serviceportal is not working after configuring, open the Web.Config file located in c:\inetpub\wwwroot\serviceportal and look for the TPS Host Key.  Make sure the path points to the correct server/location for integrated login.  Example:  "TPS Host" value="http://SERVERNAME/Touchpaper.Framework.Web.Int"