Configuration for Smart Card Login
This chapter explains the configuration required to support Smart Card login on TCS box.
Smart Card Configuration with TCS
The following is the configuration procedure that is required for Smart Card authentication with TCS:
- Launch Internet Information Service Manager (IIS).
- Select Computer name in left column, and click on Authentication in the right pane.
- Check if ‘Windows Authentication’ is Enabled or not as shown in the below image.
- In the left pane right expand the Default Web Site, Right click on ‘tcs’ directory, and choose ‘Switch to Content View’.
- In the right pane right click on SoapServer.php and choose ‘Switch to Feature View’.
- In left pane Expand ‘tcs’ directory. Click on SoapServer.php and choose Authentication from right pane.
- Disable Windows Authentication for SoapServer.php as shown in the below image.
- Stop and start IIS services.
Now the Smart Card login will work with pass-through authentication from Windows. TMS will be able to schedule the call on TCS.
Following configuration are required when TCS is configured with NAS:
- Go to Domain Controller in which TCS is configured, go to Active Directory, under Active Directory Users and Computers, select your domain, and then go to Computers.
- On right panel, select your TCS,right click and select Properties and do the following settings:
- In Delegation tab, select option “Trust this user for delegation to specified services only” and then choose “Use any authentication protocol”.
- Now click on Add, on Add Services page, click on “Users or Computers” button now add your NAS machine’s name and click on OK.
- On Available services list select protocols cifs, HOST and http respectively. As shown in below Screenshot:
- Now click on Apply and then on OK on TCS Properties page.
After enabling Smart Card, user will not be able to logout from TCS UI.
- Once we enable Windows Authentication on IIS, ASP.NET logout is not possible.
- Closing the browser will automatically logout the user.
- Accessing TCS next time will require credentials.
- Closing a particular tab keeps the user logged in, so close the browser to log out.