Question:
How do you configure DocuWare with Kerberos Authentication in versions 7 - 7.3?
Answer:
In order to configure DocuWare with Kerberos Authentication, please complete the following;
Modifying the Platform and Settings web.config files.
- Go to the Platform web.config file and alter the file by changing the value "NTLM" to "Negotiate:Kerberos"
Navigate to ...Program Files\DocuWare\Web\Platform\Web.config, open the .config file, and implement these changes.
Note that this value occurs more than once in this file, you have to adjust all of them.
<windowsAuthentication enabled="true">
<providers>
<clear />
<add value="Negotiate:Kerberos" />
</providers>
</windowsAuthentication>
- Go to Settings web.config file and alter the file by changing the value "NTLM" to "Negotiate:Kerberos"
Navigate to ...Program Files\DocuWare\Web\Settings\Web.config, open the .config file, and implement these changes.
<windowsAuthentication enabled="true">
<providers>
<clear />
<add value="Negotiate:Kerberos" />
</providers>
</windowsAuthentication>
Setup IIS
- Go to IIS Manager
- In Application Pool, find "DocuWare Platform Services App Pool" and "DocuWare Setting App Pool"
- Right click and select "Advanced Settings". Find "Identity" as depicted above and change the value to "LocalSystem" for each of the specified App Pools.
- In IIS, navigate to Sites >Default Web Site >DocuWare >Settings (if DocuWare is not in Default Web Site you should locate it), then open Authentication.
- After you open Authentication, enable Windows Authentication and Disable all other authentication methods.
- Right click "Windows Authentication" and select “Providers”
- From the list of “Available Providers” select “Negotiate:Kerberos” and remove the rest. You will be warned about Kernel mode. If you have it enabled, then save and right click Windows Authentication again, this time select “Advanced Settings” and disable Kernel Mode (you can set “Extended Protection” to Off if you have trouble, but it could be a security risk.)
- Test Windows Login with fiddler. Check the authentication tab to make sure DocuWare uses Kerberos.
KBA applicable for only On-premise Organizations.