Open the IIS Manager and select the site under which your
WordPress environment runs. In our case we use the "Default Web
Site". After that double click "Authentication" Now you have to configure the authentication settings of your
site. Disable Anonymous Authentication Enable Windows Authentication With Windows Authentication selected, click on the
Providers link in the right Action panel Now the following window should appear. Please add the providers as
shown in the picture. The order has to be Negotiate over
NTLM! After that close the window by pressing OK. For the next step please select your site on the left
panel After that double click the Configuration
Editor At last please restart your IIS. In our example we imagine the following scenario Open a console and type hostname in order to see the
hostname of your machine. Now type the following to receive a list of all SPNs registered
for your machine setspn -L yourMachineName This should output a list like You now have to add a HOST and a http SPN for the address of your
WordPress environment which has to equal the hostname. To do this type
the following commands: setspn -a HOST/yourHostName yourMachineName setspn -a http/yourHostName yourMachineName Check if the SPNs were added successfully by typing setspn -L yourMachineName If your hostname contains a port
(e.g. *nadi-ts.test.ad:81/wordpress*) do __not__ add the port to the
SPNs. This is only required for older environments up to Windows 7 and
Windows Server 2008. Browser = UPV Client = abgesicherter Ort wo das Model liegt (z.B. bei BP ->
Azure App Proxy) Authorization Server = Server, der die AccessTokens ausstellt (z.B.
bei BP -> Microsoft Azure Server)
Appendix - SSO with IIS on
Windows
Enable Windows
Authentication
Now please select *windowsAuthentication* from the dropdown menu
Please change *useKernelMode* to *True* and save the settings by
pressing *Apply* button in the upper right corner.Configure SPNs
Hostname
Domain
FQDN hostname
nadi-ts
test.ad
nadi-ts.test.ad
