WindowsSSOAuthenticator
Note
Used to leverage the authentication already done on the windows workstation. Can be configured to use a fallback if the windows based authentication fails.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| pipeID | ID of the pipe to execute used to verify user credentials | N/A | Yes |
| authProtocol | What IWA mechanism to use when talking to the client. Allowed values are 'NTLM' or 'Negotiate' | Negotiate | No |
| backupAuthenticator | Authenticator to use as backup if Windows SSO fails. | N/A | No |
Example Configuration
{
"alias": "winsso",
"name": "WindowsSSOAuthenticator",
"configuration": {
"backupAuthenticator": "my-backup-authenticator-id",
"pipeID": "authPipe1"
},
"id": "some-id"
}
Requirements
PAS must be installed on a windows host belonging to the same domain as the clients used by the users.
Number of group membership restrictions
Users with a large number of group memberships may encounter problems with Kerberos authentication. Please view this article for more information: Kerberos authentication problems - Windows Server | Microsoft Learn