WindowsSSO
Warning
This authenticator is a legacy authenticator. It is recommended to plan for migrating the authenticator to the new protocol agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
Use to leverage the authentication already done on the windows workstation.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| successURL | Where to redirect client after successful authentication | N/A | Yes |
| pipeID | ID of the pipe to execute used to verify user credentials | N/A | Yes |
| loginTemplate | Template used when presenting end-user UI. This template is wher euser enters credantials | login.template | No |
| allowLanguageChange | Should user be able to change template language | N/A | No |
| enableHoneypot | Enable/disable bot protection | true | No |
| translationKey | Body used in template. Value in this will try to map against language used by end-user | login.messages.information.body | No |
| includeQueryString | Should initial query string parameters be passed on | false | No |
Example Configuration
{
"alias": "winssp",
"name": "WindowsSSO",
"configuration": {
"successURL": "/config/",
"pipeID": "authPipe1"
},
"id": "winssp"
}
Requirements
PAS must be installed on a windows host belonging to the same domain as the clients used by the users.
Number of group membership restrictions
Users with a large number of group memberships may encounter problems with Kerberos authentication. Please view this article for more information: Kerberos authentication problems - Windows Server | Microsoft Learn