4.1 Before You Begin

The following procedures apply to the standard configuration of a server managed through an administration workstation. It also applies if your configuration does not separate the server from the administration workstation.

In Active Directory’s MMC, the current datastore version (displayed in the Advanced Settings page) might not update immediately when the directory database version is changed. To update, click OK, then exit the MMC Properties dialog box.

4.1.1 Prerequisites

  • Ensure that you meet the hardware and software requirements listed in NetIQ SecureLogin CE 24.3 (v9.2) System Requirements.

  • A minimum of 128 MB is required in the Windows directory. An additional 55 MB is required for temporary files, which is deleted after installation is complete.

  • You must have administrator-level access to the server and the administration workstations.

  • Back up the existing directory.

  • You must install Java 1.7 or 1.8 to enable single sign-on to Java applications on the workstation.

  • For multiple-directory environments:

    • Identify the domain controller to determine the directory where you will install SecureLogin and the order of replication.

    • Have access to the domain controller.

4.1.2 Requirements for Microsoft Windows Server

It is recommended to use TLS v1.2 and later for the SecureLogin communication. By default, SecureLogin initiates the SSL connection with the TLS v1.2 protocol. You must configure the same TLS version on the corresponding server.

The following information applies to the configuration of a server in a Microsoft Windows Server 2003 or Windows Server 2008 operating system environment.

Internet Explorer Enhanced Security

By default, Microsoft Windows Server 2008 and 2012 install the Internet Explorer Enhanced Security Configuration, which is designed to decrease the exposure of enterprise servers to potential attacks that might occur through the Web content and application scripts.

If you are using Internet Explorer, some websites might not perform as expected when SecureLogin is installed. Add-ons and Browser Help Objects (BHOs), such as SSO might not be fully functional.

For more information, see the Microsoft Support Web site for knowledge base article 815141.

Enabling Single Sign-On for Internet Explorer

To enable single sign-on for Internet Explorer, disable the Microsoft’s Internet Explorer Enhanced Security Configuration before deploying SecureLogin.

You can do this by:

Enabling Web Browser Extensions

  • On both Windows Server 2008: Go to Internet Options > Advanced > Browsing, then select the Enable Third party web browser extension (requires restart) option.

Enabling Browser Help Objects in Internet Explorer

  • In Internet Explorer 8: Open Internet Explorer, go to Tools > Internet Options > Advanced > under Browsing section, select Enable third party web browser extensions option.

    After SecureLogin is installed, open Internet Explorer, go to Tools > Manage Add-ons > Tools and Extensions and check if the SecureLogin IE SSO Helper object Class entry is displayed as Enabled.

4.1.3 Installation Overview

  1. Uninstall any SecureLogin version prior to 3.5.x.

  2. Ensure that Microsoft Management Console (MMC) Active Directory plug-ins are installed on the administration workstation.

  3. Extend the directory schema for SecureLogin versions prior to 6.0.

  4. If the application type is enabled for single sign-on, install Citrix or Terminal Services clients.

  5. Install Java 1.7 or 1.8 on the server and workstations, if SSO to Java applications is required.

  6. Install SecureLogin on the administration workstation.

  7. Create test users on the administration workstations.

  8. Define and configure the SecureLogin user environment, including enabling the required applications for single sign-on.

  9. Copy the test users’ configuration to relevant objects.

  10. Install the SecureLogin application on user workstations.

4.1.4 Microsoft Active Directory

SecureLogin on Windows

If an error appears during an attempted login immediately after you install SecureLogin on an Active Directory server, click OK in the message, wait for a few minutes, then try again. This error occurs because Active Directory takes time to synchronize. If the error continues, restart the server.

LDAP Environment

SecureLogin supports Microsoft Active Directory operating in an LDAP environment. There are no additional installation or configuration requirements. The only variation to the install is that you select LDAP and not Microsoft Active Directory as the installation platform. For details, see Extending the LDAP Directory Schema and Assigning Rights on the Server.

ADAM

SecureLogin supports deployment in an ADAM instance. For more information, see Configuring, Installing, and Deploying In Active Directory Lightweight Directory Services.