Direct access for single sign on with a browser

FileHold can be configured to use Integrated Windows Authentication (IWA) to provide a single sign on solution for the document management system. When a user goes to the login page they can click the Logon with Windows Authentication link to bypass entering a password.

The client and FileHold server must both be members of the same domain for IWA to work correctly.

[Image: Web Client logon screen with SSO]

It is possible to simplify this login even further for users that will always use Windows authentication by connecting with the following link.

<server_protocol_and_address>/FH/FileHold/UserRoleManager/WindowsLogin.aspx?returnPath=%2fFH%2fFileHold%2fWebClient%2fLoginForm.aspx

For example, if your server is configured for using HTTPS and your server name is filehold.example.com the URL for a direct connection would be as follows.

https://filehold.example.com/FH/FileHold/UserRoleManager/WindowsLogin.aspx?returnPath=%2fFH%2fFileHold%2fWebClient%2fLoginForm.aspx

The address is slightly more complex for installations where the web client server and application server are installed on different machines. In this case the addresses of both the application server and the web client server must be specified.

<application_server_protocol_and_address>/FH/FileHold/UserRoleManager/WindowsLogin.aspx?returnPath=<web_client_server_protocol_and_address>%2fFH%2fFileHold%2fWebClient%2fLoginForm.aspx

For example, if your application server is configured for using HTTPS and its name is fileholdas.example.com and the web client server is configured for using HTTP and its name is fileholdwc.example.com, the URL for a direct connection would be as follows.

https://fileholdas.example.com/FH/FileHold/UserRoleManager/WindowsLogin.aspx?returnPath=http%3a%2f%2ffileholdwc.example.com%2fFH%2fFileHold%2fWebClient%2fLoginForm.aspx

So far all these examples use the web client as the return path, but any return path can be provided. After the WindowsLogin service is called it completes the process by executing an HTTP redirect to the return path. It will modify the URL for the redirect to include the session id or error code as parameters. If the session could be successfully created, sessionId=<session-guid> will be added. If creating the session was unsuccessful, errorCode=<error-code> will be added.

Of course, the return path could be a document link such as <server_protocol_and_address>/FH/FileHold/WebClient/LibraryForm.aspx?docId=1065999.

Make sure the return path is URL encoded. There are plenty of web sites that will do this for you, but if you want to avoid the advertising you can easily use PowerShell. For example, [System.Web.HttpUtility]::UrlEncode('<server_protocol_and_address>/FH/FileHold/WebClient/LibraryForm.aspx?docId=1065999')
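
The following PowerShell is an added example, not FileHold's own code. It builds the direct login URL for both the single-server and split-server cases described above, and reads the sessionId or errorCode that WindowsLogin appends to the return path. The function names, parameter names and the all-zero session GUID are constructed for illustration.

```powershell
# Added example: helper names are hypothetical, not part of FileHold.
Add-Type -AssemblyName System.Web   # loads [System.Web.HttpUtility]

function New-FileHoldSsoUrl {
    param(
        [Parameter(Mandatory)] [string] $AppServer,   # e.g. https://fileholdas.example.com
        [string] $WebClientServer,                    # omit when both roles share one machine
        [string] $ReturnPath = '/FH/FileHold/WebClient/LoginForm.aspx'
    )
    # Split installs need an absolute return path; single-server installs use a relative one.
    $target = if ($WebClientServer) { $WebClientServer.TrimEnd('/') + $ReturnPath } else { $ReturnPath }
    # Encode the whole return path, including any ?docId=... it carries.
    $encoded = [System.Web.HttpUtility]::UrlEncode($target)
    '{0}/FH/FileHold/UserRoleManager/WindowsLogin.aspx?returnPath={1}' -f $AppServer.TrimEnd('/'), $encoded
}

function Get-FileHoldSsoResult {
    param([Parameter(Mandatory)] [string] $RedirectUrl)
    # WindowsLogin redirects to the return path with sessionId=<session-guid>
    # on success or errorCode=<error-code> on failure.
    $parts = $RedirectUrl -split '\?', 2
    $queryText = if ($parts.Count -gt 1) { $parts[1] } else { '' }
    $query = [System.Web.HttpUtility]::ParseQueryString($queryText)
    if ($query['sessionId']) {
        # The session id identifies a logged-on session; keep it out of logs.
        [pscustomobject]@{ Success = $true; SessionId = $query['sessionId']; ErrorCode = $null }
    }
    elseif ($query['errorCode']) {
        [pscustomobject]@{ Success = $false; SessionId = $null; ErrorCode = $query['errorCode'] }
    }
    else {
        throw "Redirect carries neither sessionId nor errorCode: $($parts[0])"
    }
}

# Single server, default return path (the web client login form).
New-FileHoldSsoUrl -AppServer 'https://filehold.example.com'
# Separate application and web client servers.
New-FileHoldSsoUrl -AppServer 'https://fileholdas.example.com' -WebClientServer 'http://fileholdwc.example.com'
# Direct link to a document.
New-FileHoldSsoUrl -AppServer 'https://filehold.example.com' -ReturnPath '/FH/FileHold/WebClient/LibraryForm.aspx?docId=1065999'
# Constructed redirect target, as it would appear after a successful logon.
Get-FileHoldSsoResult 'https://filehold.example.com/FH/FileHold/WebClient/LibraryForm.aspx?docId=1065999&sessionId=00000000-0000-0000-0000-000000000000'
```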