Altair® Monarch® Server

 

Server Post-Installation Actions

Configuring SSO

To use SSO

1.     Open Administrator.

 

NOTE

In Monarch Server that is upgraded from previous versions (e.g., v13.2), the virtual folders could still be labeled as “DSAdmin” (or "DSClient"). In this case, use “DSAdmin” (or "DSClient”) instead of “MSAdmin” (or “MSClient”) to open the Admin (or Client) page.

 

2.     Under the Navigation Tree, click Show Advanced Options.

3.     Click on Rights and Privileges, and then choose Security Provider.

4.     Under Security Providers, select Active Directory, and then select Show SSO.

 

NOTE

Mapping/aliasing of at least one administrator user is required. If there are no users mapped (MS and AD users are the same), the MS application is inaccessible without direct database modification of the Configuration table to the default state.

To add an administrator user account, choose Users under Rights and Privileges in the Navigation Tree. In the User window, click on “+” to add a new user.

 

In the User window, provide the necessary details. To check if the user account you are creating already exists, click on Check User. Do not forget to click Save.

 

 

5.     Modify the file web.config of the Administrator and Client applications (the paths are C:\inetpub\wwwroot\MSAdmin andC:\inetpub\wwwroot\MSClient, respectively).

 

NOTE

This step is crucial. One simple mistake can result in serious application issues. To avoid potential problems, make a backup of the web.config file before making any changes.

 

a.     Disable the following code:

   <authentication mode="Forms">

     <forms loginUrl="~/Login/LoginRedirect" defaultUrl="~/Login/LoginIndex" cookieless="UseCookies" timeout="15" name=".ASPXFORMSAUTH" slidingExpiration="true"/>

</authentication>

 

b.     Enable the following code:

<authentication mode= "Windows" />

 <authorization>

       <deny users="?" />

 </authorization>

 

6.     Make sure that Windows, ASP.NET Impersonation authentication on IIS for the Administrator and Client applications is disabled.

a.     Go to Start > All apps > Windows Administrative Tools > Internet Information Services (IIS) Manager.

 

c.     Go to MSAdmin > Authentication, and disable ASP.NET Impersonation status.

d.     Go to MSClient > Authentication, and disable ASP.NET Impersonation status.

7.     Restart the Monarch Server Config and Monarch Server Agent Services, IIS.

8.     On the login page of the Administrator and Client applications, click the SSO button.


 

NOTE

If you fail to define at least one administrator user and cannot login to the Administrator page, edit the Configuration table, and set the OptionValue of SecurityProvider to DEFAULT. The steps are as follows:

a.     Open Microsoft SQL Server Management Studio.

b.     In the Object Explorer panel, click Databases, and choose the database you are using. (You may check the database name using the Monarch Server Configurator. Under Configurator, click the Instances tab. The Database Name is shown in the Global Settings window. Refer to the image below.)

c.     Under Tables, right-click on dbo.configuration, and then choose Edit Top 200 Rows.

d.     Look for the OptionId “SecurityProvider,” and then change its OptionValue to DEFAULT (case sensitive).