| Applies To | |||
| Product(s): | ProjectWise Web Server | ||
| Version(s): | 08.11.05.37 | ||
| Environment: | N/A | ||
| Area: | N/A | ||
| Subarea: | N/A | ||
| Original Author: | Bentley Technical Support Group | ||
Overview
The following Technote describes how to set up Single Sign On (SSO) for Projectwise Web Parts set up on a SharePoint Server.
Pre-requisites/Assumptions
A working ProjectWise implementation with the following programs needs to be installed.
1) ProjectWise Integration Server
2) ProjectWise Administrator
3) ProjectWise Explorer
4) SharePoint 2007
5) .Net Framework 3.0 SP1
6) ProjectWise Web Parts
The following are basic steps involved in configuring SSO.
1) Modify the dmskrnl.cfg file on the Integration Server (Section 1)
2) Enable the delegate user for the datasource. (Section 2)
3) Modify ProjectWise Web Parts to enable Windows credentials - Single Sign On. Modify IIS to enable anonymous access.
4) Make changes to a client's machine prior to them logging on to ProjectWise Web Parts.
Modify the dmskrnl.cfg file on the Integration Server
This section describes the two configuration changes that need to be made in the c:\program files\Bentley\Projectwise\bin\dmskrnl.cfg file.
1. Start by adding the SharePoint Server to the Trusted Servers section in the dmskrnl.cfg file.
Notice how the name SharepointSrv = 10.97.0.53 was added under the Trusted Servers section.
2. Next add the line SSO = 1 to the bottom of the dmskrnl.cfg file under the datasource settings. This configuration needs to be set for each datasource requiring single sign on.
Enable a Delegate user for the datasource
After creating the Delegate user in ProjectWise Administrator, we will need to save the user's settings on the SharePoint Server.
Note: The following configuration needs to be made on the SharePoint Server where ProjectWise Web Parts is deployed.
1. Log on to our the SharePoint Server and click on Start All Programs Bentley ProjectWise V8i Web Server and Web View Server ProjectWise Web Server Single Sign On Settings.
2. From the database dropdown menu, chose the corresponding datasource where you want to enable Single Sign On.
3. Add the new Delegate user name and password you just created and then click "Save Settings."
4. The Delegate user has been enabled for the datasource.
Modify ProjectWise Web Parts to enable Windows credentials - Single Sign On. Modify IIS to enable anonymous access.
1. Log on to the newly created SharePoint Site as an Administrator and click on the dropdown menu on any one of the Web Parts and select Modify Shared Web Part.
Note: It doesn't matter which Web Part is clicked on because you get the option to select which Web Part to modify as shown in the example below.
2. Enable SSO for our datasource by checking on the "Use Windows credentials (SSO)" option. You can select which Web Parts to enable SSO on by checking those on or off.
Note: All users who will be authenticating into SharePoint for SSO Web Parts will need to exist in SharePoint as users.
3. In IIS, right click on the SharePoint website under Web Sites and then click on Properties then click on the Directory Security Tab. The following dialogue box should appear.
4. Click on the edit button under Authentication and access control, and the Authentication Methods dialogue box will appear. In this box, uncheck Enable anonymous access as shown below and make sure "Integrated Windows Authentication" is checked.
5. Click on OK and proceed to the client's workstation for testing
Make changes to a client's machine prior to them logging on to ProjectWise Web Parts
This section describes what changes to make on the client's machine in order for the user to access Web Parts using Single Sign On.
In order for the client to access ProjectWise Web Parts using Single Sign On, you will need to be logged into the domain that connects to their ProjectWise datasource using their correct Windows credentials. To test this, make sure Single Sign On is working with ProjectWise Explorer on the user's machine.
Once the user has successfully logged on to the domain and their machine, they will need to do the following
1. Open Internet Explorer and click on Tools Options. When the Internet Options dialogue box appears, the user will need to click on the Security Tab Internet Custom Level.
2. Scroll down to the User Authentication Section and make sure the setting "Automatic logon with current user name and password" is selected then click okay.
3. Under Internet Options, click the Advanced Tab and scroll down to the Security section. In this section make sure the option "Enable Integrated Windows Authentication" is checked on (this takes effect after restarting Internet Explorer).
The user should now be able to connect to ProjectWise Web Parts using Single Sign On.
See Also
External Links
Bentley Technical Support KnowledgeBase
Comments or Corrections?
Bentley's Technical Support Group requests that you please confine any comments you have on this Wiki entry to this "Comments or Corrections?" section. THANK YOU!