Question

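In my SharePoint 2013 server farm, I have two web applications.

  1. Simple intranet portal (http://portal)
  2. My Sites (http://portal:8080)

The problem is that users have to authenticate to each application separately. For example, I am browsing application 1, and I have to log in again for application 2 (when I click another user's name and get redirected to My Sites).

I want the login screen to be prompted only once. How can I solve this double authentication problem?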


Solution

If you are just using the default Windows authentication this should not be a problem at all - even with claims based authentication. Make sure the SharePoint URLs are in the "Intranet Zone" of the browser and your users should be logged on automatically - even without Kerberos. For this basic scenario you don't need ADFS or any other identity provider.

Other tips

OR...you could NOT use PORT numbers for your MySite web application and either create a unique URL like http://mysite or http://my (or whatever works for your organization and culture). Then set trusted sites.

OR, if the users are non-domain users (the new domain will trip an auth prompt when you switch hosts) you could create the MySite host under a managed path under the host you already created. Create a Managed Path like http://portal/my and then set up a Wildcard Managed Path for http://portal/my/personal for all of the personal sites.

With this configuration you will only be prompted once.

(I hate seeing port numbers in "public" SharePoint URLs...)
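The managed-path layout described in the answer above, as an added PowerShell example (not part of the original post or of Microsoft's documentation). It assumes the SharePoint 2013 Management Shell on a farm server; the owner account `CONTOSO\spadmin` and the site title are placeholders.

```powershell
# Added example: host My Sites under http://portal so the browser stays on one
# host and one web application, and therefore authenticates once.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp = 'http://portal'          # web application from the question
$owner  = 'CONTOSO\spadmin'        # placeholder: site collection owner

$paths = Get-SPManagedPath -WebApplication $webApp

# Explicit path: exactly one site collection (the My Site host) lives at /my.
if (-not ($paths | Where-Object { $_.Name -eq 'my' })) {
    New-SPManagedPath -RelativeURL 'my' -WebApplication $webApp -Explicit
}

# Wildcard path: every personal site is created below /my/personal/.
if (-not ($paths | Where-Object { $_.Name -eq 'my/personal' })) {
    New-SPManagedPath -RelativeURL 'my/personal' -WebApplication $webApp
}

# Create the My Site host site collection at the explicit path.
if (-not (Get-SPSite "$webApp/my" -ErrorAction SilentlyContinue)) {
    New-SPSite -Url "$webApp/my" -OwnerAlias $owner `
        -Template 'SPSMSITEHOST#0' -Name 'My Site Host'
}

# Personal sites are provisioned on demand, which requires self-service
# site creation on the web application that hosts them.
$wa = Get-SPWebApplication $webApp
if (-not $wa.SelfServiceSiteCreationEnabled) {
    $wa.SelfServiceSiteCreationEnabled = $true
    $wa.Update()
}

# Remaining manual step: in the User Profile service application
# ("Setup My Sites"), set the My Site Host location to http://portal/my
# and the personal site location to my/personal.
Get-SPManagedPath -WebApplication $webApp | Format-Table Name, Type
```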

You need to configure ADFS with SharePoint. Essentially it's a type of Claims Authentication with a conceptual walkthrough mentioned here

This is an excerpt from MSDN that explicitly mentions the flow of a single user from one web app to another in SharePoint

Visiting Two SharePoint Web Applications

In this walkthrough, John visits the a-Portal SharePoint web application and then visits the a-Techs SharePoint web application.

John visits the a-Portal SharePoint web application.
- John browses to the Team site in the a-Portal SharePoint web application.
- John has not yet been authenticated, so SharePoint redirects his browser to ADFS.
- John enters his Adatum domain credentials;
- ADFS validates the credentials, issues a SAML token that contains his claims, and redirects the browser to the SharePoint STS (the "/_trust/" endpoint in the SharePoint web application).
- ADFS also creates an SSO cookie so that it can recognize if it has already authenticated John.
- The SharePoint STS validates the token from ADFS and issues a FedAuth cookie for the a-Portal SharePoint web application that contains a reference to John's claims in the SharePoint token cache.
- SharePoint checks that John has access to the Team site collection, and redirects his browser to the site.


John visits the a-Techs SharePoint web application.
- John browses to the Team site in the a-Techs SharePoint web application.
- John has not yet been authenticated for this SharePoint web application so SharePoint redirects his browser to ADFS.
- ADFS detects the SSO cookie that it issued in step 1-c, and redirects the browser with a new SAML token to the SharePoint STS.
- The SharePoint STS validates the token from ADFS and issues a FedAuth cookie for the a-Techs SharePoint web application that contains a reference to John's claims in the SharePoint token cache.
- SharePoint checks that John has sufficient permissions to access the Team site collection, and redirects his browser to the site.

http://msdn.microsoft.com/en-us/library/hh446525.aspx

This gives you a pretty good overview of what you need to do. In a nutshell:

1) Set up SharePoint on Claims Authentication, each web application authenticating to Active Directory (or a custom provider if you'd rather)

2) Configure the Security Token Service so everyone is on the same page

Not easy to do, but should be workable. Try in a development environment first please as a failure can be pretty fragile to authentication.

Use ADFS authentication; this should solve your problem. Let me know if you need additional information.

License: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange