Summary:
Any virtual directory that is created under the website that has public IP address can be accessed from outside the company. If you would like your employees to access Web TimeSheet using SAML URL from outside your company network, then you can create a SAML directory under a website that is configured with public IP address. Please note that Replicon doesn't recommend ‘SAML virtual directory’ set up under the website with public access due to security reasons.
If you have already implemented SAML under the public website, and like to prevent users from accessing it from outside your office network, then
please follow the below steps.

  • Delete the ‘SAML‘directory from the website which has public access. Create a new website, and then create a new ‘SAML’ directory under this website pointing to the folder where your ‘SAMLIdentityProvider.ZIP’ is extracted.
  • Restart the new website created (Right click on the new website, click ‘stop’ again right click on it, click ‘start’).
  • Enter the new ‘URL ‘in the 'SAML transfer URL' field under System Preferences section of Web TimeSheet.

When you try log on to Web TimeSheet, it will prompt you to enter the login credentials only for the first time as the URL has been changed.

How to add the New URL in the 'SAML transfer URL' Field?

  • Log in to ' Web Timesheet '.
  • Select ' Administration ' from the top menu.
  • Select ' System ' > ' System Preferences ' from the side menu
  • Add the new URL in the ‘SAML transfer URL’ field.
  • Click ‘Save’.

Creating a new website in Windows Server 2008 or Windows Vista, which use IIS 7.0:

  • Create an empty directory on the hard drive of the server that can be used as the root directory of the Web TimeSheet website (Default location: 'c: inetpubwwwroot')
  • Run the IIS Manager.
  • Select [Web] Sites from the left pane.
  • Select Add Web Site from the right.
  • Enter the name of the website (for example, Web TimeSheet) in the Web site name box.
  • In the Physical path box, browse to the empty directory you created in 'c: inetpubwwwroot'
  • Enter the ' IP address ' and ' port number ' for the website. These determine the URL used to access Web TimeSheet and the port number should be different from that used by Web TimeSheet to access IIS (shown in RTServer.ini).
  • Select OK.

Creating a Website in Windows Server 2003 or 2000 (IIS 6.0/5.0):

 

  • Create an empty directory on the hard drive of the server that can be used as the root directory of the Web TimeSheet website (Default location: 'c: inetpubwwwroot')
  • Run the IIS Manager.
  • If using Windows Server 2003, in the left pane right click on the Web Sites folder. Alternatively, if using Windows Server 2000, right click on the name of the server where you are creating the website.
  • Point to New, and then select Web Site. The Web Site Creation Wizard appears.
  • Select Next.
  • In the Description box, enter the name of the new website (for example, Web TimeSheet), and then select Next.
  • Enter the IP address and port number for the website. These determine the URL used to access Web TimeSheet and the port number should be different from that used by Web TimeSheet to access IIS (shown in RTServer.ini). Select Next.
  • In the Path box, browse to the empty directory you created in 'c:inetpubwwwroot'. Select Next.
  • Enable the Read permission check box, and then select Next.
  • Select Finish.

Creating a new 'SAML Virtual directory’ under the Website:

  • Create a new IIS virtual directory pointing to the location of the folder where your SAMLIdentityProvider.ZIP is extracted. Give the directory 'read 'and 'execute 'permissions, and name it. We recommend naming it SAML.
  • Create an IIS application called ' SAML'. To do this:

    • In IIS 5.0, the application is created by default.
    • In IIS 6.0, right-click the ' SAML directory ' and select ' Properties '. On the' Virtual Directory tab ', click the ' Create ' button located in the Application settings area. Select OK.
    • In IIS 7.0, right-click the ' SAML directory ' and select ' Convert to Application' , and select OK.
  • Select authentication settings:

In IIS 5.0 or 6.0:

  • Right-click the' Default.aspx ' file in the SAML application you created, and select ' Properties '.
  • On the ' File Security tab ', select ' Edit' .
  • On the ' Authentication Methods ' page that displays, disable ' anonymous access ', and ensure ' Integrated Windows Authentication' is the only option enabled.

In IIS 7.0:

  • Select the ' SAML application ', select the ' Content View' , right-click the 'Default.aspx file', select ' Switch to Features' View.
  • From the 'Default.aspx Home (Features View)', select 'Authentication'.
  • Right-click each item that displays enable ' Windows Authentication', and disable all the other authentication types.