Active directory

Top  Previous  Next

Logging in via Active Directory (a MS Windows domain-based technology) is available when running Crash Magic as an ISAPI inside MS IIS.  It also requires that the user has already presented login information to their browser prior to accessing the Crash Magic login page.  If this has been done, then login information is passed from IIS directly to Crash Magic.

 

The login information passed from IIS includes the domain and the user name.  The password is not sent to Crash Magic.  What Crash Magic does is look for the user name in all the user groups that have an "AuthDomains" list that includes the specified domain name.  If a user is found in one of these groups, the user is logged into Crash Magic.  This method of validation works because the login and domain name are not sent unless the user has logged into a valid Windows domain.

 

The .master user group should never be set up with Active Directory login. The default behavior for Crash Magic is to login the user to the analysis section of the program. This will prevent a user from logging into the .master user group.

 

 

Note: Once AuthDomains is populated with a valid domain, users will not see the login screen when they access the main Crash Magic URL.  A new URL parameter has been introduced when "AUTOLOGIN" is set to false (i.e. http://somedomain.com/cm/?AutoLogin=false) the user will be presented the login page and no automatic login action will be taken.  Also, when logging out of the program, this parameter is sent automatically - otherwise it would be impossible to log out.  It is suggested that system administrators create a link such as this to access the Crash Magic system without being logged in automatically.

 

Set Crash Magic to use Active directory:

1.Log into Crash Magic as the Group Admin
2.Click on your the user group in the project tree that you have logged into (<state or province>@<municipality>)
3.Ensure the green Settings tab is open
4.Enter the name of the domain that Crash Magic is running under in in the Auth domain field

 

The following steps assume that you have IIS installed and running.

 

Steps setting Active Directory Logins on IIS 6:

1.On the server hosting Crash Magic open the Internet Information Services Manager
2.Right click on the web site or virtual directory Crash Magic is deployed under
3.Select Properties
4.Select the Directory Security tabIISWebsitePropertiesDiag
5.Click on the Edit button for Authentication and access control
6.Uncheck the Enable anonymous access
7.Check Integrated Windows authenticationIISAuthMethodsDiag
8.Click the OK button to save the work

 

 

Steps for setting Active Directory Logins on IIS 7:

1.On the Crash Magic server ensure that the Web Server/Security/Windows Authentication role has been installed( Consult the Windows documentation to install this role if needed)
2.Open the IIS Manager
3.Click on the Crash Magic application home( cm is the default home)
4.Click on Authentication
5.Right click on Anonymous Authentication and select Disabled
6.Right click on Windows Authentication and select Enabled

 

Enable Crash Magic users to access the Sys directory for IIS 6 and 7:

1.On the server hosting Crash Magic create a cmUserGr group in windows groups
2.Grant full control to the cmUserGr group to the Sys folder and all of the subdirectories
3.Make the cmUser a member of the cmUserGr group
4.Add any windows users groups that will access Crash Magic to the cmUserGr group

 

Integrated Windows Authentication on client browsers:

Networks that are using Kerberos authentication must ensure that "Enable Integrated Windows Authentication" is enabled. Networks that use NTLM should disable this setting. This setting is available in the advanced tab of the internet options dialog box in IE.

1.Open IE
2.Click on the Gear symbol near the upper left corner of the window
3.Select Internet Options
4.Click on the Advanced tab
5.Scroll down to the Enable Integrated Windows Authentication
6.Check the box according to your network authentication(Uncheck for NTLM Checked for Kerberos)
7.Click OK
8.Close and reopen the browser

 

Set the appropriate User Authentication for the Crash Magic site when required:

Incorrect IE Security settings can block a user from being able to log into Crash Magic. A Logon value of Anonymous will ensure the user is not able to log into Crash Magic. The browser will also prevent a login to Crash Magic if Automatic logon only in Intranet Zone and IE does not detect that Crash Magic is within the Intranet.

1.Open IE
2.Enter the Crash Magic url, and go to the site
3.Click on the Gear symbol near the upper left corner of the window
4.Select Internet Options
5.Click on the Security tab
6.Click on the Custom level
7.Scroll to the User Authentication/Logon section
8.Set the appropriate Logon level(This radio button should be set to Automatic logon with current user name and password will or Prompt for user name and password)