Adaxes

bypass Web GUI SSO with machines not connected to domain

0 votes

Hi,

is there any way to bypass SSO and get directly to the Loginpage when a machine is not joined to the domain?

Reason why I'm asking is, in the last months we had a couple of acquisitions, all users in the sites have got domain accounts but while we are in the phase of standardization not every machine is joined to the domain. Here comes the issue, when a user tries to enter the SelfService page, which is setup with SSO, he get's prompted for his AD credentials, after entering he's redirected to the login page and needs to enter his credentials again, first login window appears to be from the MS Internet Explorer, second one is the normal Adaxes Page.

As this is very inconvenient for our users, I was wondering if there is any configuration that would allow machines not connected to the domain to go directly to the Adaxes Login form.

Best regards
Ingemar

by (960 points)

1 Answer

0 votes
by (216k points)

Hello Ingemar,

Adaxes uses Kerberos authentication for SSO, and it is not possible to set up an IIS Web Application to use and not use Kerberos authentication at the same time. To workaround this, you can create one more Web Interface that will be completely identical to the Self-Service Web Interface, but with SSO disabled. To do this:

  1. Launch the Web Interface Configuration tool.
  2. Expand the Interface type drop-down list.
  3. Click New.
  4. In the New Web interface dialog box, to make the new Web interface copy all settings of the Web interface for Self-Service, select the Web interface for Self-Service in the Copy settings from drop-down list.
  5. Enter a name for the new Web interface type, choose an IIS Web site where you want to create it and click OK.
  6. When the Web Interface Configuration tool finishes creating the Web Interface, the Web Interface type will be automatically switched to the new Web Interface type. Activate the Sign In tab.
  7. Click Disable Automatic Logon.

Related questions

0 votes
1 answer
Question - Regarding Updating Cached Credentials on a laptop that is remote & not connected to Domain.

Given Scenario: Adaxes domain user is remote with his laptop and has adaxes self service client installed on Windows and is enrolled for self service via Adaxes. We ... get updated when a user initiates password reset/change password from the lock screen ?

asked Nov 2, 2020 by rsaran (70 points)
0 votes
1 answer
With Adaxes can we add delegation permissions such as joining machines to domain ?

Looking to add a delegated permission for a specific OU for a security role (Help-Desk) to provide the ability to join machines to the domain and also rename the machines in domain.

asked Apr 14, 2023 by Vish539 (310 points)
0 votes
0 answers
Checkpoint FDE not syncing with passwords reset on machines with Adaxes installed

Hi, We have noticed an issue on a number of workstations that have Adaxes installed (or had installed, we've tried uninstalling it) where that if a user changes their ... FDE is still using the old password. Have you come across anything like this before?

asked Sep 24, 2019 by SYNSOL-DAN (40 points)
0 votes
1 answer
Adaxes Connected to my Domain Admin Account

So not sure how it happened but the Adaxes web interface is connected to my domain admin account. When I tried to change it everything went down. Were are all the locations this password is store on the server? Thanks

asked Jan 20, 2015 by 7efd721c8b (420 points)
0 votes
1 answer
Use Powershell script to determine who will be able to modify property managedBy in web gui

Hi, is it possible to use custom Powershell script to determine, who will be able to modify AD object property (for example managedBy)? So it is not manager of given object who can edit this property, but anyone who pass checks in Powershell script..

asked Apr 7, 2020 by KIT (910 points)
3,347 questions
3,047 answers
7,784 comments
545,027 users