Configuring single sign-on in the web\WebUI\WebRoot\ folder

To enable single sign-on, make the following configuration changes in %TRIDION_HOME%\web\WebUI\WebRoot\web.config.

Procedure

  1. On the Content Manager server, open %TRIDION_HOME%\web\WebUI\WebRoot\web.config for editing.
  2. Uncomment the following <appSettings> key and specify the hostname and port number of your Content Manager server to enable WCF to work properly:
    <add key="Tridion.WCF.RedirectTo" value="hostname:portnumber"/>
  3. Place comment delimiters around the <authorization> section:
    <!--
    <authorization>
    	<deny users="?"/>
    </authorization>
    -->
  4. In the system.serviceModel/bindings/webHttpBinding section, find the binding section with its name attribute set to Tridion.Web.UI.ContentManager.WebServices.WebHttpBindingConfig and set the clientCredentialType attribute of the transport element to the value None rather than the default value Windows.
  5. In the system.serviceModel/behaviors/serviceBehaviors section, find the behavior section with its name attribute set to Tridion.Web.UI.ContentManager.WebServices.DeveloperBehavior. In this section, find a commented-out section named serviceAuthorization and remove the comment delimiters:
    <serviceAuthorization principalPermissionMode="Custom">
    	<authorizationPolicies>
    		<add policyType="Tridion.Web.ServiceModel.HttpIdentityPolicy, Tridion.Web.ServiceModel"/>
    		<add policyType="Tridion.Web.ServiceModel.HttpPrincipalPolicy, Tridion.Web.ServiceModel"/>
    	</authorizationPolicies>
    </serviceAuthorization>
  6. Save and close web.config.
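
The following check is an added example, not part of the original documentation or of the product: it parses a web.config and reports which of steps 2 to 5 are still unapplied, including a RedirectTo value left at its placeholder. The sample XML is constructed and minimal; the nesting of <transport> under <security> and of <authorization> under <system.web> are assumptions about the file layout.

```python
import xml.etree.ElementTree as ET

BINDING = "Tridion.Web.UI.ContentManager.WebServices.WebHttpBindingConfig"
BEHAVIOR = "Tridion.Web.UI.ContentManager.WebServices.DeveloperBehavior"
POLICIES = {
    "Tridion.Web.ServiceModel.HttpIdentityPolicy, Tridion.Web.ServiceModel",
    "Tridion.Web.ServiceModel.HttpPrincipalPolicy, Tridion.Web.ServiceModel",
}
# Constructed sample (not a real Tridion file): the state before the procedure is applied.
BEFORE = f"""<configuration>
  <appSettings><!-- <add key="Tridion.WCF.RedirectTo" value="hostname:portnumber"/> --></appSettings>
  <system.web><authorization><deny users="?"/></authorization></system.web>
  <system.serviceModel>
    <bindings><webHttpBinding><binding name="{BINDING}">
      <security><transport clientCredentialType="Windows"/></security>
    </binding></webHttpBinding></bindings>
    <behaviors><serviceBehaviors><behavior name="{BEHAVIOR}">
      <!-- <serviceAuthorization principalPermissionMode="Custom"/> -->
    </behavior></serviceBehaviors></behaviors>
  </system.serviceModel>
</configuration>"""

def check_sso_config(xml_text):
    """Return a list of procedure steps (2 to 5) that are not applied yet."""
    # ElementTree discards XML comments, so commented-out sections count as absent.
    root = ET.fromstring(xml_text)
    problems = []
    redirect = root.find(".//appSettings/add[@key='Tridion.WCF.RedirectTo']")
    value = redirect.get("value", "") if redirect is not None else ""
    host, _, port = value.rpartition(":")
    if not host or not port.isdigit():  # also catches the unedited placeholder
        problems.append("step 2: Tridion.WCF.RedirectTo missing or not host:port")
    if root.find(".//authorization/deny[@users='?']") is not None:
        problems.append("step 3: <authorization> deny rule is still active")
    binding = root.find(f".//webHttpBinding/binding[@name='{BINDING}']")
    transport = binding.find(".//transport") if binding is not None else None
    if transport is None or transport.get("clientCredentialType") != "None":
        problems.append("step 4: transport clientCredentialType is not None")
    behavior = root.find(f".//serviceBehaviors/behavior[@name='{BEHAVIOR}']")
    auth = behavior.find("serviceAuthorization") if behavior is not None else None
    found = set()
    if auth is not None and auth.get("principalPermissionMode") == "Custom":
        found = {a.get("policyType") for a in auth.findall("authorizationPolicies/add")}
    if not POLICIES <= found:  # both policy types from step 5 must be present
        problems.append("step 5: serviceAuthorization policies not enabled")
    return problems

if __name__ == "__main__":
    print("\n".join(check_sso_config(BEFORE)) or "all steps applied")
```

To check a real file, pass its contents to check_sso_config; an empty list means steps 2 to 5 are all in place.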