
Example: Configuring the web server for trusted sign-on

To enable trusted sign-on for web tier clients, you must install and configure a web server (for example, Microsoft Internet Information Services (IIS) or Apache). The web server receives the user information from the client through the browser and passes the user name and domain name to the web application server.

Note: The following steps assume that the web server and web application server configurations are already established, and that the only necessary changes to the configurations of these servers are those described below.

Apache configuration changes

Note: The mod_auth_sspi.so module is available only for Windows; if Apache is installed on a UNIX® operating system, it may be necessary to create a custom class to perform trusted sign-on.

  1. Add the mod_auth_sspi.so module to the /modules directory in the Apache installation.
  2. Add the following lines to the bottom of the httpd.conf file to allow for trusted sign-on:

     #SspiAuth Module
     LoadModule sspi_auth_module modules/mod_auth_sspi.so
     <Location "/sm">
       AllowOverride None
       Options None
       Order allow,deny
       Allow from all
       AuthType SSPI
       SSPIAuth On
       SSPIDomain MYDOMAIN
       SSPIAuthoritative On
       SSPIOfferBasic Off
       SSPIPerRequestAuth On
       require valid-user
     </Location>

     The name within the Location tag needs to be the path the user enters to open the Service Manager web client Web site; it is usually /sm, because the name is taken from the sm.war file. In a configuration with multiple domains, comment out the SSPIDomain parameter by adding a crosshatch character (#) in front of the line.
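Added example (not part of this guide or the product): a small Python checker that reads an httpd.conf, finds the /sm Location block, and reports which of the trusted sign-on directives above are missing or weakened, for instance SSPIOfferBasic switched back to On, which would let the browser fall back to Basic authentication, or a removed require valid-user. The sample configuration in it is constructed from the block above, and the function names are the example's own.

```python
import re
# Directive values the Apache steps above require inside the /sm Location block.
REQUIRED = {
    "authtype": "sspi",
    "sspiauth": "on",
    "sspiauthoritative": "on",  # SSPI's verdict is final; no fall-through to other auth modules
    "sspiofferbasic": "off",    # never offer Basic auth as a fallback (cleartext credentials)
    "sspiperrequestauth": "on",
    "require": "valid-user",
}
def check_trusted_signon(conf, path="/sm"):
    """Return a list of problems for the <Location path> block; [] means it matches the guide."""
    m = re.search(r'<Location\s+"?%s"?\s*>(.*?)</Location>' % re.escape(path), conf, re.S | re.I)
    if not m:
        return ["no <Location %s> block found" % path]
    seen = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):      # skip blanks and commented-out directives
            name, _, value = line.partition(" ")
            seen[name.lower()] = value.strip().lower()
    problems = []
    for name, want in REQUIRED.items():
        got = seen.get(name)
        if got is None:
            problems.append("missing %s" % name)
        elif got != want:
            problems.append("%s is '%s', expected '%s'" % (name, got, want))
    return problems

# Constructed sample: the block from the guide above, then a weakened copy of it.
GOOD = '''<Location "/sm">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  AuthType SSPI
  SSPIAuth On
  SSPIDomain MYDOMAIN
  SSPIAuthoritative On
  SSPIOfferBasic Off
  SSPIPerRequestAuth On
  require valid-user
</Location>'''
BAD = GOOD.replace("SSPIOfferBasic Off", "SSPIOfferBasic On").replace("  require valid-user\n", "")

if __name__ == "__main__":
    print("guide block:", check_trusted_signon(GOOD) or "OK")
    print("weakened block:", check_trusted_signon(BAD))
```

Commenting out SSPIDomain (the multi-domain case described above) is not reported as a problem, because the checker only enforces the directives that gate authentication.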

IIS configuration changes

Note: The following steps are for IIS 5 only. The steps for other versions of IIS may vary.

  1. Download the Apache jk2 connector binary from jakarta.apache.org to your web application server's home directory (in this example, the Tomcat home directory), and make sure the following files are placed in the following folders:

    • <Tomcat_home>\conf folder: jakarta isapirewrite.reg, jk2.properties, workers2.properties
    • <Tomcat_home>\bin folder: isapi_redirector2.dll
  2. In the jakarta isapirewrite.reg and workers2.properties files, update the Tomcat root path to your real Tomcat path.
  3. Run the jakarta isapirewrite.reg file to add the information to your web tier server's system registry.
  4. From your operating system's Control Panel, click Administrative Tools > Internet Information Services.

  5. Expand your local computer node, and click Web Sites.
  6. Right-click Default Web Sites, and select New > Virtual Directory.

    The Virtual Directory Creation Wizard opens.

  7. In the Name field, type jakarta, and in the Directory field, browse to the directory where isapi_redirector2.dll is located (in this example, it is the Tomcat bin folder, with read and execute permissions).
  8. Right-click Default Web Sites, and select Properties. In the Properties window, do the following:
    1. Select the ISAPI Filter tab, and add a filter with the following information:

      • Filter Name: jakarta
      • Executable: C:\<Tomcat_home>\bin\isapi_redirector2.dll

        Note: Replace <Tomcat_home> with your real Tomcat home directory. 

    2. Select the Directory Security tab, and click Edit.

      The Authentication Methods window opens.

    3. Select Integrated Windows authentication at the bottom, and clear all other selections in this window.
  9. Start your operating system's command prompt, and run the following commands:

    cd C:\Inetpub\AdminScripts
    cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

    Your IIS web server configuration changes are completed. You can continue to configure the web browser's security settings to enable trusted sign-on for web clients.