February 24th, 2010 07:00

SourceOne logon

I have a new install in a Windows Domain with Exchange 2003.

I am hoping that someone can help me address 1 little configuration issue before we roll this out to all of our users.

Is there a way to configure SourceOne so that my end users do not have to logon ever (I found the cookie settings) to retrieve their archived attachments?

Thanks in advance.

80 Posts

February 24th, 2010 09:00

This is what was forwarded to me (I've tested it in-house and at a client site with successful results):

All, we have a workaround to address the need to perform multiple sign-ons for URL shortcut resolution (not tested for search). SSO will be part of the next release of S1 (6.6). This is just something for 6.5. This has been tested with URL, but it may work with Search also. We just have not tested it yet. I recommend testing in a lab before loading into any customer environment.

This methodology was provided by the S1 staff. It was tried out on SP2 yesterday and it seemed to work as expected.

Config steps are fairly straightforward. You must perform these config steps on every system where you have installed the SourceOne web services.

1. Run inetmgr
2. Open web sites, Default web sites, and select the ExShortcut site.
3. Right-click on ExShortcut and select properties
4. Select the Directory Security tab, and click the edit button for authentication and access control
5. Uncheck “Enable Anonymous Access”
6. Check “Integrated Windows Authentication”
7. Click OK
8. Select the ASP.NET tab
9. Click the “Edit Configuration” button
10. In the ASP.NET Configuration dialog select the Authentication tab
11. Change the Authentication mode drop down from “Forms” to “Windows”

Then you need to run the setspn command to set up the service principals correctly. The setspn command is not on Windows 2003 by default. Here’s the link:

http://technet.microsoft.com/en-us/library/cc773257.aspx

setspn -A HTTP/webservername domain\ES1serviceAccountUser
setspn -A HTTP/webservername.fullyqualifieddomainname domain\ES1serviceAccountUser

This registers the IIS stuff as a service principal associated with the es1 account.

At this point I would recommend a reboot of the affected ES1 machines. I’m not sure how the security settings get associated with the various services and running processes, and to be safe I would just reboot.

Finally, once you get this done, you’ll need to watch out for security settings in IE (did you think this was going to be easy??)

On the client box where you're running Outlook (resolving shortcuts, etc.), start up IE, and go to Tools/Internet Options, choose the security tab, select the "local intranet" icon, then hit the "custom level..." button, and scroll to the very bottom of the settings. There you should see the User Authentication section. The button that should be selected is automatic logon only in intranet zone. This is the bit that actually does the SSO from the browser side.

Assuming that’s correct, you then need to click the "sites" button, click the advanced button, and finally there you need to add the URLs of the servers where the ES1 stuff is running. Once that's done, when you click on the link of the html attachment from Outlook and the browser opens, you should make sure that IE thinks it's in the intranet zone (the little toolbar icon on the lower right hand side of IE).
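A client-side check for the Internet Explorer settings described in the post above, as an added example that is not part of the original thread or of SourceOne: it reads the Local intranet zone's logon setting and looks for an intranet-zone site entry for the web services server. The host name `es1web.corp.example.com`, the function names and the policy registry paths are assumptions; only exact host entries are matched, so wildcard and IP range entries are not evaluated.

```powershell
# Added example (not from the thread). $ServerHost is a constructed placeholder.
param([string]$ServerHost = 'es1web.corp.example.com')

$settings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Per-user settings first, then policy locations that may override them
# (assumption: standard Internet Explorer policy paths).
$roots = "HKCU:\$settings",
         'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
         'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Value 1A00 under Zones\1 (Local intranet) is the User Authentication logon setting.
$logonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

function Get-IntranetLogonMode([string]$Root) {
    $p = Get-ItemProperty -Path "$Root\Zones\1" -Name '1A00' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'not set here' }
    $mode = $logonModes[[int]$p.'1A00']
    if ($mode) { $mode } else { 'unrecognized value 0x{0:X}' -f $p.'1A00' }
}

function Get-IntranetSiteEntry([string]$Root, [string]$HostName) {
    $domains = "$Root\ZoneMap\Domains"
    if (-not (Test-Path $domains)) { return }
    foreach ($key in Get-ChildItem -Path $domains -Recurse) {
        # Domains\example.com\www is the entry for www.example.com
        $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9).Split('\')
        [array]::Reverse($parts)
        if (($parts -join '.') -ne $HostName) { continue }
        foreach ($scheme in $key.GetValueNames()) {
            # Zone 1 is Local intranet; the value name is the protocol (or *).
            if ($key.GetValue($scheme) -eq 1) { "${scheme}://$HostName" }
        }
    }
}

foreach ($root in $roots) {
    "{0}" -f $root
    "  logon setting : {0}" -f (Get-IntranetLogonMode $root)
    $sites = @(Get-IntranetSiteEntry $root $ServerHost)
    "  intranet entry: {0}" -f $(if ($sites) { $sites -join ', ' } else { 'none (exact host match only)' })
}
```

Run it as the affected user on the client where Outlook resolves the shortcuts, passing the host name from the shortcut URL as `-ServerHost`.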

3 Posts

February 24th, 2010 10:00

I completed these steps and it popped up a logon box.

80 Posts

February 24th, 2010 10:00

I don't know what to say...I just did these exact same steps yesterday, and the user does not have to enter any login credentials when doing shortcut resolution...when the user clicks on the shortcut html link, there is no need to enter any username or password to view the attachment or to restore the email to the mailbox.