Install the Windows Authentication Provider (optional)

The Windows Authentication Provider is only needed if you want to use Windows Authentication as an Identity Provider.

The potential advantage of the Windows Authentication Provider over the Active Directory Authentication Provider is that, with the correct configuration, users only have to provide their credentials when logging on to their Microsoft Windows session.
This seamless user experience depends on the following conditions:

  • The Identity Broker server (on which Windows Authentication Provider runs) must be joined to the domain that authenticates the users. This is a prerequisite for using the Windows Authentication Provider.
  • On computers used to access the Identity Director portals:
    • The Identity Broker server must be added to the Local Intranet Zone.
    • The Microsoft Windows Security setting User Authentication > Logon must be set to Automatic logon (the default setting for the Local Intranet Zone).
    You can configure these settings in the Windows Control Panel, at Internet Options, on the Security tab.
  • The user must log on to their Windows session with credentials from the domain that authenticates the users.
    Example:
    • If a user accesses the Identity Director portal from their work laptop from home, no additional credentials should have to be provided.
    • If a user accesses the Identity Director portal from a home computer, they will need to provide their domain credentials when first accessing the portal.
  • The browser used to access the Identity Director portal must support using Windows session credentials. For example, Mozilla Firefox does not support this.
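
The following PowerShell script is an added example and is not part of the RES Identity Broker documentation. It reports whether a computer meets the conditions listed above (domain membership, the Identity Broker host mapped to the Local Intranet zone, and the zone's User Authentication > Logon setting allowing automatic logon) and can optionally create the missing zone mapping. The host name server.mycompany.com is a placeholder; the registry locations are the per-user Internet Settings keys that back the Internet Options > Security tab, and the 1A00 value interpretation follows Microsoft's documented zone settings.

```powershell
# Added example, not part of the RES Identity Broker documentation: report (and
# optionally apply) the client-side settings on which seamless Windows
# Authentication depends. The host name is a placeholder; the registry paths are
# the per-user Internet Settings keys behind Internet Options > Security.
param(
    [string]$BrokerHost = 'server.mycompany.com',  # placeholder: your Identity Broker address
    [switch]$Apply                                 # create the Local Intranet mapping if it is missing
)

$InetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$LocalIntranetZone = 1   # zone ids: 0 Computer, 1 Local Intranet, 2 Trusted, 3 Internet, 4 Restricted

function Get-ZoneMapKey {
    param([string]$HostName)
    # ZoneMap stores hosts as Domains\<parent domain>\<first label>;
    # a single-label host sits directly under Domains.
    $labels = $HostName.Split('.')
    if ($labels.Count -eq 1) { return "$InetSettings\ZoneMap\Domains\$HostName" }
    $parent = ($labels | Select-Object -Skip 1) -join '.'
    return "$InetSettings\ZoneMap\Domains\$parent\$($labels[0])"
}

function Test-DomainMembership {
    # The Identity Broker server must be domain-joined; a client outside the domain
    # is prompted for credentials, as the home-computer example in the text shows.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Check  = 'Computer is joined to a domain'
        Pass   = [bool]$cs.PartOfDomain
        Detail = if ($cs.PartOfDomain) { $cs.Domain } else { "workgroup $($cs.Workgroup)" }
    }
}

function Test-IntranetMapping {
    param([string]$HostName)
    # Pass when the https scheme for the host is assigned to zone 1 (Local Intranet).
    $key  = Get-ZoneMapKey -HostName $HostName
    $zone = (Get-ItemProperty -Path $key -Name https -ErrorAction SilentlyContinue).https
    [pscustomobject]@{
        Check  = "https://$HostName is in the Local Intranet zone"
        Pass   = ($zone -eq $LocalIntranetZone)
        Detail = if ($null -eq $zone) { 'no per-user mapping (check the Site to Zone Assignment List policy)' } else { "zone $zone" }
    }
}

function Test-IntranetLogonSetting {
    # Value 1A00 under Zones\1 is "User Authentication > Logon" for the Local Intranet zone:
    #   0x00000 automatic logon with current user name and password
    #   0x10000 prompt for user name and password
    #   0x20000 automatic logon only in Intranet zone (the zone's default)
    #   0x30000 anonymous logon
    # Both 0x0 and 0x20000 send the Windows session credentials to intranet sites.
    $logon = (Get-ItemProperty -Path "$InetSettings\Zones\$LocalIntranetZone" -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
    [pscustomobject]@{
        Check  = 'Local Intranet zone logon is automatic'
        Pass   = ($logon -eq 0 -or $logon -eq 0x20000)
        Detail = if ($null -eq $logon) { 'value not set' } else { '0x{0:X}' -f $logon }
    }
}

function Add-IntranetMapping {
    param([string]$HostName)
    # Per-user equivalent of Internet Options > Security > Local intranet > Sites > Advanced.
    $key = Get-ZoneMapKey -HostName $HostName
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name https -PropertyType DWord -Value $LocalIntranetZone -Force | Out-Null
}

$results = @(
    Test-DomainMembership
    Test-IntranetMapping -HostName $BrokerHost
    Test-IntranetLogonSetting
)
$results | Format-Table Check, Pass, Detail -AutoSize

if ($Apply -and -not ($results | Where-Object Check -like 'https://*').Pass) {
    Add-IntranetMapping -HostName $BrokerHost
    Test-IntranetMapping -HostName $BrokerHost | Format-Table Check, Pass, Detail -AutoSize
}
```

Run the script in the session of the user who will access the portal, since the settings it inspects are per-user. In a domain, the Site to Zone Assignment List Group Policy is the usual way to map the Identity Broker host to the Local Intranet zone for every user at once; the -Apply switch only edits the current profile and is intended for checking a single workstation.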

To install the Windows Authentication Provider, select it in the Configure Other Settings step of the Identity Broker Setup Wizard (see Install the Identity Broker).

Setup Wizard

  1. Specify an installation folder. By default, the Windows Authentication Provider will be installed in C:\Program Files\RES\Identity Broker\WinAuth\.
  2. In the Configure Identity Broker Access step, the fields should be pre-filled with suggested values:
    • Identity Broker Address: Specify the Identity Broker Address you entered in the Configure Other Settings step during installation of the Identity Broker.
      Example: https://server.mycompany.com
    • Unique Callback Path: Specify a unique path that this instance of the Windows Authentication Provider will use to communicate with the Identity Broker. The Unique Callback Path cannot contain spaces or special characters.
      The default value is winauth.

      The Windows Authentication Provider redirects to this path on the Identity Broker in steps 7 and 8 of the Authentication sequence (see Authentication sequence).

    • Realm: Specify a unique URN (Uniform Resource Name) for this instance of the Windows Authentication Provider. This URN will be used as part of the validation routine by the Identity Broker.
      The default value is urn:idbroker.
See also