Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: [ActiveDir] The AD Mapper
Prev Next
You are not authorized to post a reply.

AuthorMessages
neil.ruston@credit-suisse.comUser is Offline

Posts:48

06/22/2009 12:30 PM  
Hi,

I have recently been asked to ensure that the 'AD Mapper' functionality
is available within a new AD design.

As far as I'm aware, this is a feature of IIS which, when enabled allows
user certs in AD to be mapped to the IIS cert store and thus provide
'single sign-on'.

* Is my above description correct?
* Are there any changes required within AD itself to support this
feature?


Thanks,
neil


===============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
===============================================================================


bdesmondUser is Offline

Posts:731

06/22/2009 5:38 PM  
Correct it's an IIS feature. I think you just need the cert published in AD and possibly an extra SPN or something registered somewhere.

Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132

From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Ruston, Neil
Sent: Monday, June 22, 2009 6:29 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] The AD Mapper


Hi,

I have recently been asked to ensure that the 'AD Mapper' functionality is available within a new AD design.

As far as I'm aware, this is a feature of IIS which, when enabled allows user certs in AD to be mapped to the IIS cert store and thus provide 'single sign-on'.

* Is my above description correct?

* Are there any changes required within AD itself to support this feature?

Thanks,

neil

==============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================


iainmccallUser is Offline

Posts:3

06/24/2009 11:56 AM  

Yes, the Windows Directory Service Mapper is a feature of IIS that when enabled uses Active Directory to map a users certificate(normally stored on a smart card) to a windows domain account allowing certificate based authentication.

I don't recall making any changes specific to AD (apart for those required to get vendor technology integrated)

Hope this helps.

Iain

________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Ruston, Neil
Sent: 22 June 2009 12:29
To: activedir@mail.activedir.org
Subject: [ActiveDir] The AD Mapper


Hi,

I have recently been asked to ensure that the 'AD Mapper' functionality is available within a new AD design.

As far as I'm aware, this is a feature of IIS which, when enabled allows user certs in AD to be mapped to the IIS cert store and thus provide 'single sign-on'.

* Is my above description correct?

* Are there any changes required within AD itself to support this feature?

Thanks,

neil

==============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================


*********************************************************************************
This electronic message contains information from Hampshire Constabulary which may be legally privileged and confidential. Any opinions expressed may be those of the individual and not necessarily the Hampshire Constabulary.
The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message in error, please notify us by telephone +44 (0) 845 045 45 45 or email to postmaster@hampshire.pnn.police.uk immediately. Please then delete this email and destroy any copies of it.

All communications, including telephone calls and electronic messages to and from the Hampshire Constabulary may be subject to monitoring. Replies to this email may be seen by employees other than the intended recipient.
*********************************************************************************

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] The AD Mapper



ActiveForums 3.7
Friends

Friends

Button
Members

Members

MembershipMembership:
Latest New UserLatest:laviramesh
New TodayNew Today:0
New YesterdayNew Yesterday:4
User CountOverall:4700
People OnlinePeople Online:
VisitorsVisitors:104
MembersMembers:0
TotalTotal:104
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use