Configuring Single Sign-on for Dispatcher Paragon Payment System

Overview

This article describes the steps that have to be performed in order to set up the Single Sign-on (SSO) to the Dispatcher Paragon Payment System web interface. The configuration of SSO requires advanced knowledge about the system configuration and working with the configuration files.

Prerequisites

Dispatcher Paragon Payment System has to be:

  • installed on a server that is a part of the domain. SSO asks the system for user authentication.

  • connected with Dispatcher Paragon – SSO is not supported by the standalone mode of Dispatcher Paragon Payment System

  • ready for all users who want to use SSO and they must have a Windows user with the same name as their username in Dispatcher Paragon management interface (e.g., the Windows domain name "MY_COMPANY/johndoe" should have the Dispatcher Paragon username "johndoe")

Configuration

For using Dispatcher Paragon Payment System with SSO functionality, you have to configure the system and your browser.

Dispatcher Paragon Payment System Configuration

SSO authentication has to be set in the Dispatcher Paragon Payment System configuration file using the following option:


sign-on.type=sso-sign-on

For more details about Payment System configuration, see Advanced Configuration of Dispatcher Paragon Payment System section Overview.

Browser Configuration

Firefox

  1. Type about:config into the address bar and click enter.

  2. Type network.negotiate-auth.trusted-uris into the Filter box.

  3. Set your server name as the value. If you have more than one server, you can enter them all as a comma-separated list (e.g., https://localhost).

  4. Close the tab.

Chrome

Ensure that Integrated Windows Authentication is enabled.

  1. Open Control Panel > Network and Internet > Internet Options.

  2. Click the Advanced tab.

  3. Scroll down to Security.

  4. Check Enable Integrated Windows Authentication.

  5. Restart the browser.

The target website must be in the Intranet Zone.

  1. Open Control Panel > Network and Internet > Internet Options.

  2. Click Security.

  3. Click the Local Intranet icon.

  4. Click the Sites button.

  5. (only for Windows 8 or newer) Check Automatically detect intranet network.

    1. For localhost, click Advanced.

  6. Add your server name as the value of the list (e.g., https://localhost/).

  7. Restart the browser.

Usage

Local Access

You only have to set your environment according to the Configuration part and start using the system. You are automatically signed in with your domain credentials.

Remote Access

When accessing Dispatcher Paragon Payment System from the outer world by browser and SSO is used, then a popup window with a form to enter your credentials to the domain displays. Enter your domain credentials into the form and then you do not need to sign into the system, your domain credentials are used for it.

Change Signed In User

Because of the use of SSO, you are automatically signed in, so you do not have the chance to directly choose the signed in user. In the top-right-hand corner, a sign out button displays. You can click the sign out button and you are redirected to the sign-in page where you can enter the required credentials.

Sign back in by SSO

In order to sign in with your Windows account, go to login page one of Dispatcher Paragon Payment System web interfaces (YSoft Payment System Administration web interface, Cash Desk web or Dispatcher Paragon end user interface) and click the link Log in as current Windows user. This action should perform a login into the web interface with your presently logged Windows user.

Limitations

SSO Only in Combination with Dispatcher Paragon

SSO for Dispatcher Paragon Payment System can only be used in combination with Dispatcher Paragon. SSO is not supported for the standalone mode of Dispatcher Paragon Payment System.