NTLM Authentication Forwarding
NTLM (Windows NT LAN Manager) uses a challenge/response mechanism to securely authenticate users
without sending passwords in the clear across the network. It provides a secure method for sending Windows
network credentials to a Microsoft IIS (Internet Information Services) Web server.
NTLM authentication forwarding passes a Windows domain name along with the user’s authentication
credentials. This enables users accessing Web resources on Windows networks to be securely authenticated
without sending their passwords in the clear.
To use NTLM authentication forwarding in situations in which the credentials do not match, users must be running a Web browser that supports NTLM.
When single sign-on is enabled, the Web proxy service and the back-end server determine which authentication method is used. If only one authentication method (basic authentication or NTLM authentication) is enabled in AMC, that method is used. However, if both methods are enabled in AMC, NTLM authentication is used because it is the more secure of the two.
To configure NTLM authentication forwarding:
1. Enable the SSO options in a Web application profile, and then attach the profile to any Web resources to which you want to forward user credentials.
2. In the AMC, navigate to System Configuration > Authentication Servers.
3. Click the Edit link for the server you want to configure. The Configure Authentication Server page displays.
4. Expand the Advanced settings.
5. Specify the domain name you want to forward in the Domain authentication forwarding area:
   - You can type a custom name in the Domain name field, but it is not required. If you do not specify a name, an empty (null) domain name is forwarded, along with the user credentials.
   - To forward the authentication server name (as specified in the Name field at the top of the page) along with the user credentials, click Forward the authentication server name as domain name.
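To check which domain name is actually forwarded after step 5, you can decode the NTLM AUTHENTICATE (type 3) message from an `Authorization: NTLM ...` header captured between the proxy and the back-end server in a test environment. The following is an added example, not code from the product or its documentation; it follows the public MS-NLMP field layout, and the function names `parse_authenticate` and `build_sample` and the sample values are hypothetical.

```python
import base64
import struct

UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag (MS-NLMP)

def _field(msg, offset):
    """Read a (Len, MaxLen, BufferOffset) descriptor and return the bytes it points to."""
    length, _maxlen, buf_off = struct.unpack_from("<HHI", msg, offset)
    if buf_off + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[buf_off:buf_off + length]

def parse_authenticate(header_value):
    """Return domain, user and workstation from an 'NTLM <base64>' header value."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    # Assumption: cp437 stands in for the OEM code page when Unicode was not negotiated.
    enc = "utf-16-le" if flags & UNICODE else "cp437"
    fields = (("domain", 28), ("user", 36), ("workstation", 44))
    out = {name: _field(msg, off).decode(enc) for name, off in fields}
    out["null_domain"] = out["domain"] == ""  # True when no domain name was forwarded
    return out

def build_sample(domain, user, workstation):
    """Constructed type 3 message with zeroed responses, for offline testing only."""
    names = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    # Payload order matches the header: LM, NT, domain, user, workstation, session key.
    parts = [b"\x00" * 24, b"\x00" * 24] + names + [b""]
    header, payload, offset = b"NTLMSSP\x00" + struct.pack("<I", 3), b"", 64
    for part in parts:
        header += struct.pack("<HHI", len(part), len(part), offset)
        payload += part
        offset += len(part)
    header += struct.pack("<I", UNICODE)
    return "NTLM " + base64.b64encode(header + payload).decode()
```

A result with `null_domain` set to `True` corresponds to leaving the Domain name field empty; a non-empty `domain` should match either the custom name or the authentication server name, depending on the option chosen.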