OCLC Support

Enable WebView single sign-on (NTLM)

Learn how to enable WebView single sign-on for OLIB.

Please note that WebView NTLM Authentication will only work if you're using IIS as your web server; it will not work with Apache.

Additionally, this is not available for our Hosted Customers as it requires the WebView server to be attached to your Windows Domain.

1. Populate identifier

You must ensure that you've populated one of the identifier fields on the user records in OLIB with the Domain User Names that will be returned by IIS in the REMOTE_USER variable. If you do not do this, your users won't be able to log in after you carry out steps 2) and 3).

The identifier fields that can be used are:

  • Barcode
  • Seccode
  • Alt. Barcode
  • Identification

If none of these identifier fields on your user records contains the matching value for REMOTE_USER (i.e. the Domain Username), you will first need to populate one of these fields with the Domain Usernames before carrying out steps 2) and 3).

One way of doing this is via a user import, by following the User Import documentation.

For example, if you intend to populate the Identification field with the Domain Usernames, and are matching on the Barcode field, then the user import file may look like this:

     BAR 6438
     BAR 9349

Note: Depending on your setup, IIS may return the REMOTE_USER variable as a combination of DOMAIN\USER, so you must also bear this in mind. Additionally, the identifier field you populate must match the Domain Username exactly.

2. Enable Integrated Windows Authentication

You need to enable "Integrated Windows Authentication" for the WebView cgi-bin virtual directory. The instructions for doing this differ depending on the version of IIS you're using.

For Windows 2003 (IIS 6) please refer to the following page:

For Windows 2008 (IIS 7.5), please refer to the following page:

Once you've done this, any page requested in this secured directory will now perform NTLM authentication and will pass the username in the server environment variable REMOTE_USER onto WebView.

Internet Explorer will not prompt your users for a domain username and password; they will be logged in automatically with the credentials they used to log on to their machine. Other browsers, e.g. Firefox, will prompt users for their domain username and password.

3. Reconfigure WebView to use NTLM

You must use WorldView or OLIBWeb to reconfigure WebView to use NTLM as the authentication method:

This can be done by logging in with System Admin privileges, then going to System Administration > WebView Defaults (or sometimes "OPAC Defaults", depending on your OLIB version).

In the SSO Parameters on this screen configure the following settings:

  • Credential Capture Type: NTLM
  • Redirect URL (Login): <blank>
  • Authentication Type: OLIB
  • Authentication Token Name: REMOTE_USER
  • Match Field in OLIB: Select the identifier field that contains the value of REMOTE_USER (i.e. Domain Username)
  • LDAP Server: <blank>
  • Redirect URL (Logout): <blank>

Once you've done this, you should test that it works by logging into a PC as a valid Domain User, then navigating to WebView and attempting to view your account details to confirm you're logged in. If this does not work, perform a User search in WorldView or OLIBWeb against the identifier field you selected as the "Match Field in OLIB" to make sure your domain username has been registered against your OLIB user record.

Again, please note that depending on your setup IIS may return the REMOTE_USER variable as a combination of DOMAIN\USER. So you may need to experiment by editing your user record in OLIB (e.g. adding or removing the domain prefix). Following this, check again whether you're logged into WebView by closing the browser window, re-opening it and navigating to the WebView Account Details screen.
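A pre-flight check for the exact-match requirement described in steps 1 and 3, as an added example that is not OCLC's code: it compares REMOTE_USER values against the chosen match field and reports why a user would fail to log in. The CSV export, its column names and the usernames are constructed assumptions; flagging case differences and duplicate identifiers is also an assumption, since the page only says the value must match exactly.

```python
import csv
import io
from collections import Counter

# Constructed sample: an export of OLIB user records. The column names are
# hypothetical, not a documented OLIB export format.
OLIB_EXPORT = r"""barcode,identification
6438,LIBRARY\asmith
9349,bjones
7771,LIBRARY\CLee
8800,LIBRARY\dkhan
8801,LIBRARY\dkhan
"""

# Constructed sample: REMOTE_USER values exactly as this IIS server returns them.
REMOTE_USERS = [r"LIBRARY\asmith", r"LIBRARY\bjones", r"LIBRARY\clee",
                r"LIBRARY\dkhan", r"LIBRARY\ewong"]


def bare(name):
    """Drop a leading DOMAIN\\ prefix, if any, and surrounding whitespace."""
    return name.strip().rsplit("\\", 1)[-1]


def classify(remote_user, field_values):
    """Say whether REMOTE_USER matches exactly one user record, and if not, why."""
    hits = Counter(field_values)[remote_user]
    if hits == 1:
        return "ok"
    if hits > 1:
        return "duplicate"           # several records hold the same identifier
    if any(v.strip().lower() == remote_user.lower() for v in field_values):
        return "case-or-whitespace"  # same name, but not an exact match
    if any(bare(v).lower() == bare(remote_user).lower() for v in field_values):
        return "domain-prefix"       # DOMAIN\USER on one side, USER on the other
    return "missing"                 # match field not populated for this user


def check(export_text, remote_users, match_field):
    """Classify every REMOTE_USER value against one column of the export."""
    rows = csv.DictReader(io.StringIO(export_text))
    values = [row[match_field] for row in rows]
    return {ru: classify(ru, values) for ru in remote_users}


if __name__ == "__main__":
    for user, status in check(OLIB_EXPORT, REMOTE_USERS, "identification").items():
        print(f"{user:20} {status}")
```

Any result other than "ok" points at a user record to correct before switching the Credential Capture Type to NTLM.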

