PhenixID

PSD1202 – NTLM over HTTP using PIP

Fact

  • PhenixID Identity Provisioning 5.1.2 or later

Situation

You like to access a host using HTTP, and to use NTLM (Windows Authentication) to authenticate towards the web server. From PIP 5.1.2, the default behavior of the JRE is to disable NTLM over HTTP for security reasons, you need to enable this manually.

Solution

Add a parameter to VMoptions files:

  1. Open folder \\..\PhenixID\Provisioning
  2. Open file Provisioning Service.vmoptions
    1. The same needs to be added to
      Provisioning Configurator.vmoptions
  3. Add a new line with the following content:
    -Djdk.http.ntlm.transparentAuth=allHosts
    1. Valid values are: allHosts, trustedHosts and disabled (default)
  4. Save the files
  5. Restart PIP service and/or PIP Configurator

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se