Anonymous authentication needs to be enabled.
In this scenario, only SuperOffice authentication is used
The Web site is visible to anyone (subject to IP address or such other restrictions, which we’ll leave out of it)
When a request comes in, it either has a valid session, or is redirected to the login page default found under <webinstallations>/Security/Login.aspx. This may be configured in the SoFormsAuthenticaiton section in Web.config
The login page is shown; user fills in user name/password
This can be a SuperOffice-authenticated user, or a domain user who is also a SuperOffice user.
If valid, then a redirect back to the original page is done, and the user is logged in to the web client and may start working.
Application server MUST be in the domain to validate the domain user.