Skip to Content

Enabling Single Sign-On for Comindware Project

For your convenience, you can enable Single Sign-On (SSO) for Comindware Project installed on your server so your teammates can use their Windows credentials to access the product. The procedure depends on whether you have Comindware Project installed as:

 

If Comindware Project is installed as a Windows Service

1. Open the web.config file in a text editor like Notepad. By default the file is located in: C:\Program Files (x86)\Comindware\Products\Site\Web.config

2. Find the line <authentication mode="None"/> and change the authentication mode from None to Windows: <authentication mode="Windows"/>

3. Uncomment the following code:

<!-- Uncomment to enable SSO -->
<!--authentication>
            <anonymousAuthentication enabled="true" />
            <windowsAuthentication enabled="true" />
     </authentication>
     <authorization>
             <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="*" />
             <add accessType="Deny" users="?" />
      </authorization-->

4. Save the changes and restart the service “Comindware Products” on your machine.

Note :  web.config is overwritten during each Comindware Project update. If you want to keep the SSO settings you’ve made, make a backup of this file and restore it whenever you need to reinstall Comindware Project on your server.

Optional: SSO for Comindware for Outlook

If you use MS Outlook as a corporate mail client in your company, you can integrate Comindware Project add-in into it (learn about this useful feature here) and enable Single Sign-On for it as well. To do it, enable SSO in your system as described above and then follow these steps:

5. Run Comindware.Platform.Server.exe as domain controller administrator using the full domain name (include “http” protocol and the port number) and the key «-createSSO», for example:

Comindware.Platform.Server.exe -createSSO http://tracker.corp.mycompany.com:8081

As a result, you’ll have a new entry added to your Active Directory which is required for the further setup.

6. Install the “Comindware for Outlook” add-in as described in this article.

7. Launch MS Outlook. The add-in will be configured automatically in about a minute. After that you can start using it.

You can stop at this point, however we recommend that you remove the entry added to your Active Directory during the SSO setup. Otherwise it can cause some performance issues if you ever need to re-configure Comindware add-in in your Outlook. You can remove this entry the same way as you created it:

Run Comindware.Platform.Server.exe as domain controller administrator using the full domain name (include “http” protocol and the port number) and the key «-createSSO», for example:

Comindware.Platform.Server.exe -createSSO http://tracker.corp.mycompany.com:8081

 

If Comindware Project is installed as IIS

If your Comindware Project is installed as an IIS server, you will need to configure Windows Authentication in IIS. The default authentication configuration for IIS 7 enables Anonymous authentication only. Here is how you do that:

1. To install the Windows Authentication module, go to Go to Start > Control Panel > Administrative Tools > Server Manager , click on “Roles” to expend it and double-click on “Web Server (IIS)” . The pop-up menu will come up in which you need to select the “Add role services” option.

Server Manager settings

2. Once the “Add role services” window opens, tick the “Windows Authentication” check box and click Next . If the box is already checked, the module is currently installed on this machine so you can leave it as it is.

Add Role Services

3. Click on the “Install” button to get this module installed on your server.

Note : if you want to enable SSO for Comindware Project on a Windows 8 –machine, make sure the following modules are installed as well:
  • .NET Framework 4.5 Advanced Services > WCF Services > HTTP Activation
  • Internet Information Services > World Wide Web Services > ApplicationDevelopment Features > ASP.NET 4.5
  • Internet Information Services > World Wide Web Services > Security > Request Filtering
  • Internet Information Services > World Wide Web Services > Security > URL Authorization

4. When all the required modules are installed, launch the web.config file in a text editor like Notepad. By default the the file is located in: C:\Program Files (x86)\Comindware\Products\Site\Web.config

5. Find the line <authentication mode="None"/> and change the authentication mode from None to Windows: <authentication mode="Windows"/>

6. Uncomment the following code:

<!-- Uncomment to enable SSO -->
<!--authentication>
            <anonymousAuthentication enabled="true" />
            <windowsAuthentication enabled="true" />
     </authentication>
     <authorization>
             <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="*" />
             <add accessType="Deny" users="?" />
      </authorization-->

7. Save the changes and restart IIS.

Note :  web.config is overwritten during each Comindware Project update. If you want to keep the SSO settings you’ve made, make a backup of this file and restore it whenever you need to reinstall Comindware Project on your server.

Optional: SSO for Comindware for Outlook

If you use MS Outlook as a corporate mail client in your company, you can integrate Comindware Project add-in into it (learn about this useful feature here) and enable Single Sign-On for it as well. To do it, enable SSO in your system as described above and then follow these steps:

8. Run Comindware.Platform.Server.exe as domain controller administrator using the full domain name (include “http” protocol and the port number) and the key «-createSSO», for example:

Comindware.Platform.Server.exe -createSSO http://tracker.corp.mycompany.com:8081

As a result, you’ll have a new entry added to your Active Directory which is required for the further setup.

9. Install the “Comindware for Outlook” add-in as described in this article.

10. Launch MS Outlook. The add-in will be configured automatically in about a minute. After that you can start using it.

You can stop at this point, however we recommend that you remove the entry added to your Active Directory during the SSO setup. Otherwise it can cause some performance issues if you ever need to re-configure Comindware add-in in your Outlook. You can remove this entry the same way as you created it:

Run Comindware.Platform.Server.exe as domain controller administrator using the full domain name (include “http” protocol and the port number) and the key «-createSSO», for example:

Comindware.Platform.Server.exe -createSSO http://tracker.corp.mycompany.com:8081