Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: IE11 secutity zones + Kerberos SSO

05 Mar 2016   #1
Steve92

Windows 7 Pro 64 bit
 
 
IE11 secutity zones + Kerberos SSO

Hello,

I meet a strange problem with IE to access from the web a public URL with Kerberos SSO enabled for LAN acces (of course, SSO can't work for external access).
A single URL is wanted for internal (LAN) and external(web) access.

# Client:
O/S: Windows 7
Browsers: IE11 + Firefox 44

# Server
O/S: Windows Server 2012 R2
Web server: Tomcat 7

# Authentication
Windows AD : 2012
Kerberos + SSO

# URL to access web portal with HTTPS/TLSv1.2: 2 existing FQDN
Public FQDN: xyz.corp.fr (reachable from web)
Internal FQDN: a-b-xyz.corp.fr and a-b-xyz.corp.local (reachable from LAN)

Aim

Notebooks have to access web portal from LAN or web (roaming users).
For both LAN and web access, only one public URL is wanted to access web portal: https://xyz.corp.fr .

Symptoms

From LAN, to get SSO with IE11, I just have to add https://xyz.corp.fr in "Local intranet" securitiy zone.
But if the notebook is connected from the web, the URL https://xyz.corp.fr does not work ("This page can't be displayed") !

To solve this problem, I have to move https://xyz.corp.fr to "Trusted sites" security zone of IE or at least delete the URL from "Local Intranet" zone.
Then, if the notebook have to connect from LAN, SSO does not work anymore since https://xyz.corp.fr is no more in "Local Intranet" security zone.

NB: - no problem with Firefox 44 that does not use "security zones" concept
- problem got on 4 different PC under W7
- no problem under W8.1

Questions

Is it possible to use a single URL for external (web) and internal (LAN) access ?
If yes, how ?

Thanks in advance.

I can provide you more info if needed.

Regards,

Steve.


My System SpecsSystem Spec
.
Reply

 IE11 secutity zones + Kerberos SSO




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
How do I integrate Kerberos with Windows Explorer?
Hi, I have a Windows 7 Home Premium x64 installation (i.e. one that does not attach to a domain) that needs to talk to a Samba share in a Kerberized (not AD) environment. I have setup "Kerberos for Windows 4.0.1" and "Network Identity Manager 2.0.102.907" and they are successfully able to...
Software
Time Zones - Restore Missing Default Time Zones
How to Restore Missing Default Time Zones in Windows 7 This will show you how to restore the default times zones in Windows 7 for when the Change time zone button does not work or you have missing time zones when trying to change the time zone. You must be logged in as an administrator to...
Tutorials
MS Secutity
Hi Guys I am curious to hear what you think of using Windows internet security, would you trust it alone to protect your computer from the evils of the internet. I have heard conflicting reports and would appreciate any advice. Thanks
System Security
Kerberos Authentication to UNIX from Windows 7 OS
Hi, I am testing Windows 7 OS in our domain and found that Kerberos authentication to UNIX domain from Windows 7 is not working. It is prompting for a password everytime I connect to a unix host and not going throuh pass-through authentication. This works perfectly fine on Windows XP OS in our...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:10.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App