Configuring SSO in IIS on Windows is easy. The whole configuration can be done with help of the IIS management console.
Enable Windows Authentication
In the IIS management console select the site in which your WordPress instance runs. In the category IIS select the Authentication item.
- Disable Anonymous Authentication
- Enable Windows Authentication
- With Windows Authentication selected, click on the Provider link in the right Action panel
- Add the following providers in this order: Negotiate, NTLM.
If you want to use SSO with NTLM you have to put NTLM at first position: *NTLM*, *Negotiate*.
- Restart the site
You can use !Fiddler to test the Kerberos configuration.
- Start Fiddler
- Open your browser and go your WordPress instance for which have previously enabled Kerberos
- In Fiddler select the last request from the list. In the right panel below Inspectors > Headers > Auth you should see the message
WWW-Authenticate Header (Negotiate) appears to be a Kerberos reply