Board 10.6 IIS Kerberos settings login

Andrea De Nardi

Hello, 
we have searched in the KB library and in some post, but we can't find the correct settings to setup the Windows authentication to Board Web via Web Browser .
Actually we have setup Board 10.6 Server with the IIS active service and Board client also works great with Windows and Board defined users.
Unfortunately access via web interface (Google Chrome) work only with Board users, but we want to activate the Kerberos activation as defined into the IIS settings (screenshot attached).
Anyone have solved this issue before?
Thank you for any reply on this topic.

------------------------------
Andrea De Nardi
Sistemista IT
IRINOX SPA
Italy
------------------------------

Florian Deutsch

Hi Andrea,

I'm pretty sure you refer to Windows integrated security with NTLM.
Using Kerberos with IIS is possible as well but pretty hard to set up and debug (SPN etc.)

Prerequisites for Windows Authentication (In addition to the standard IIS installation):
* Board web server and Board engine have to be on the same server (!) - otherwise Windows Authentication with Board won't work.
(ADFS/SAML/OpenID would be required instead for this scenario)

* The server must also belong to the domain

* Windows Authentication has to be enabled in your appSettings.json:
<add key="winAuthEnabled" value="true" />
* Windows Authentication has to be enabled in IIS (seems you already did that)

* disable "negotiate" when using Windows Server 2019 or later.
Otherwise you may receive a login prompt every time you try to use Windows Auth:

* Board users should have the a login corresponding to their sAMAccountName.
It doesn't neccessarily have to be "Windows/ADFS/SAML" - you can also use user/password and Windows Auth will still work as it only matches the username

------------------------------
Florian Deutsch
Senior Support Consultant
linkFISH Consulting GmbH
Germany
------------------------------
-------------------------------------------