Configuring SSO for YSoft Payment System
Overview
This article describes the steps that has to be performed in order to set up the Single Sign-on (SSO) to YSoft Payment System web interface. The configuration of SSO requires advanced knowledge about the system configuration and working with the configuration files.
Prerequisites
YSoft Payment System has to be:
installed on a server which is a part of the domain. SSO is asking the system for the user authentication.
connected with YSoft SafeQ - SSO is not supported by standalone mode of YSoft Payment System
all users which want to use SSO must have created user named by their username in YSoft SafeQ (e.g. domain name = MY_COMPANY/dvader => YSoft SafeQ user name = dvader)
Configuration
For use of YSoft Payment System SSO functionality, you have to configure the system and used browser.
YSoft Payment System configuration
SSO authentication has to be set in YSoft Payment System configuration file:
open <ysoft-payment-system-home>/payment-conf/environment-configuration.properties
add/change property sign-on.type and set it to value sso-sign-on
sign-on.type=sso-sign-on
Browser configuration
Firefox
Type about:config in the address bar and hit enter.
Type network.negotiate-auth.trusted-uris in the Filter box.
Put your server name as the value. If you have more than one server, you can enter them all as a comma separated list. (e.g. https://localhost)
Close the tab.
Internet Explorer
Ensure that Integrated Windows Authentication is enabled.
Open the Control Panel -> Network and Internet -> Internet Options
Click the Advanced tab.
Scroll down to Security
Check Enable Integrated Windows Authentication.
Restart the browser.
The target website must be in the Intranet Zone.
Open the Control Panel -> Network and Internet -> Internet Options
Click the Security.
Click the Local Intranet icon.
Click the Sites button.
(only for Windows 8) Check Automatically detect intranet network.
For localhost, click Advanced.
Add your server name as the value of the list. (e.g. https://localhost)
Restart the browser.
Chrome
Same as Internet Explorer.
Usage
Local access
You have to only set your environment according to "Configuration" part and start using of the system. You are automatically signed in with your domain credentials.
Remote access
When you accessing YSoft Payment System from outer world by browser and the SSO is used then a popup window with a form to fill your credentials to the domain is displayed. So you type your domain credentials into the form and then you do not need to sign in the system, your domain credentials are used for it.
Change signed in user
Because of use of the SSO you are automatically signed in, so you do not have chance to directly choose signed in user. In the top-right corner a sign out button is displayed. So you can click the sign out button and you are redirected to sign in page, where you can type wanted credentials.
Sign in back via SSO
When you want to sign in again via your domain account, then you click the sign out button and on the sign in page (see below) click link "Sign in as current Windows user".
Limitations
SSO only in combination with YSoft SafeQ
SSO for YSoft Payment System can be used only in combination with YSoft SafeQ. The SSO is not supported for standalone mode of YSoft Payment System.
Possibility to open a cash desk of another Cash Desk operator
Issue in steps:
you have enabled SSO authentication
sign in as another Cash Desk operator (not by your domain user)
open a cash desk where your domain user has not privileges
leave your session expire
refresh page
expiration of the session causes that you are signed out and system sign you (your domain user) automatically in
you are on the opened cash desk but with your domain user which does not have privileges to see this cash desk