| Author |
Message |
![[Post New]](/Sysforums/templates/default/images/icon_minipost_new.gif) 11/09/2008 01:08:22
|
Jason Weston
SysAider
Joined: 08/09/2008
Messages: 1
Offline
|
Okay i have an issue with SSO, funny thing is i managed to get this working at my last place of employment. Essentially i am not getting SSO to work, i have setup IE correctly and added the site to the Intranet Sites in security but cannot get it to authenticate, it does authenticate users (LDAP imported users) if i type in the login DOMAINNAME\username and password.
Below is my ServerConf.xml file:
<?xml version='1.0' encoding='UTF-8'?>
<serverConf>
<dbConf>
<dbDriver>org.apache.derby.jdbc.ClientDriver</dbDriver>
<dbUrl>jdbc:derby:default;create=true</dbUrl>
<dbUser>sysdba</dbUser>
<dbPassword>masterkey</dbPassword>
<dbType>derby</dbType>
<dbEncoding>utf-8</dbEncoding>
<dbMultiply>false</dbMultiply>
<dbMainName>ilient</dbMainName>
</dbConf>
<logConf>
<logLevel>error</logLevel>
<logTimes>false</logTimes>
</logConf>
<mailConf>
<smtpHost>smtpserver</smtpHost>
<smtpUser></smtpUser>
<smtpPassword></smtpPassword>
<mailFrom>helpdesk@domainname</mailFrom>
</mailConf>
<loginConf>
<accountType>multi</accountType>
<defaultAccount>administrator</defaultAccount>
<webServerUser>false</webServerUser>
<externalLoginClass>
<ntlmAuth>
<ntlmParam>
<ntlmParamName>jcifs.smb.client.domain</ntlmParamName>
<ntlmParamValue>FQDN</ntlmParamValue>
</ntlmParam>
<ntlmParam>
<ntlmParamName>jcifs.http.domainController</ntlmParamName>
<ntlmParamValue>DC IP</ntlmParamValue>
</ntlmParam>
<ntlmParam>
<ntlmParamName>jcifs.smb.client.username</ntlmParamName>
<ntlmParamValue>domain\username</ntlmParamValue>
</ntlmParam>
<ntlmParam>
<ntlmParamName>jcifs.smb.client.password</ntlmParamName>
<ntlmParamValue>password</ntlmParamValue>
</ntlmParam>
<ntlmParam>
<ntlmParamName>jcifs.smb.lmCompatibility</ntlmParamName>
<ntlmParamValue>3</ntlmParamValue>
</ntlmParam>
</ntlmAuth>
</externalLoginClass>
</loginConf>
<smsConf>
<smsGatewayID>00</smsGatewayID>
<smsUser>internal</smsUser>
<smsPassword>d1efad72dc5b17dc66a46767c32fff40</smsPassword>
<smsProviderClass>com.ilient.util.SMSCenterProvider</smsProviderClass>
</smsConf>
<sysaidLogLevel>info</sysaidLogLevel>
<supportURL></supportURL>
</serverConf>
Of course i have taken out company info. Any help would be appreciated as i have tried just about everything.......
|
|
|
12/09/2008 12:15:22
|
johnny
SysAider
Joined: 10/09/2008
Messages: 8
Location: Girona
Offline
|
Newbie in sysaid:
SSO is working perfectly, but, it's possible to change the user connected when SSO is enabled? By default, every time I enter the login page, program use the system login user.
I want to change the user, because sometimes I need to use a administrator user in a remote location, when another user is logged.
Thanks.
|
|
|
02/10/2008 11:19:26
|
rado
SysAider
Joined: 01/10/2008
Messages: 5
Offline
|
Jason,
I experienced just the same problem. SSO with IE just did not work. I would appreciate any help ...
|
|
|
02/10/2008 13:08:42
|
CliGil
Super SysAider
Joined: 17/06/2008
Messages: 64
Location: Michigan USA
Offline
|
SSO by design would take whatever user is logged in and use that account.
Can you remotely log into another computer to access sysaid?
Not perfect but might work.
|
|
|
21/10/2008 03:56:22
|
OCL
SysAider
Joined: 14/08/2008
Messages: 1
Offline
|
Has anyone managed to get SSO to work in a multi domain environment? We are rolling out sysaid to 7000 users aprox and teaching them to type their domain\username is becoming a pain!
Any help much appreciated
Thanks
|
|
|
20/03/2009 11:56:42
|
argentieri
SysAid Mod
Joined: 26/11/2008
Messages: 9
Offline
|
Dear Ilient I have a problem with Sigle Sign on.
I made the changes to the post
http://www.ilient.com/Sysforums/posts/list/277.page # 671
But it does not work correctly.
Some users (1 or 2) you connect, others do not connect.
Could you help me?
|
|
|
22/03/2009 11:29:47
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
Jason Weston,
This means that the browser (IE) is not passing the credentials to the SysAid server.
Make sure that typing the domain credentials allows you to login, and if it does, this means that SSO is configured correctly.
Here is how to set IE to pass credentials to the SysAid server.
1. In Internet Explorer, please go to the Tools -> Internet Options -> Advanced tab and check the “Enable Integrated Windows Authentication” check-box.
2. Next, switch to the security tab and click Local Intranet -> Custom Level and select “Automatic log-on with current user name and password” (under User Authentication, Log-on).
3. Click OK on all windows and restart Internet Explorer (close all IE windows and open it again).
4. See if you can automatically login to SysAid. If not, perform step 2 on the Internet Zone as well and try again.
|
Pushing IT forward |
|
|
22/03/2009 11:30:30
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
OCL wrote:Has anyone managed to get SSO to work in a multi domain environment? We are rolling out sysaid to 7000 users aprox and teaching them to type their domain\username is becoming a pain!
Any help much appreciated
Thanks
Hello OCL,
Configuring single sign-on (Integrated Windows Authentication) on SysAid when integrated with more than one Active Directory domain should work, but only if you have trust relationship between the domains. The instructions are similar to the standard SSO configuration. You only need to do the SSO configuration against one domain. If the authenticating user is from another domain, it will automatically be routed to the corresponding domain controller for authentication (thanks to the trust relationship).
If your multiple domains don't trust each-other, then SSO is not possible
|
Pushing IT forward |
|
|
22/03/2009 11:32:41
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
argentieri wrote:Dear Ilient I have a problem with Sigle Sign on.
I made the changes to the post
http://www.ilient.com/Sysforums/posts/list/277.page # 671
But it does not work correctly.
Some users (1 or 2) you connect, others do not connect.
Could you help me?
Hello argentieri,
This issue might happen in several cases.
In order for us to further assist you, please open a service request on this issue by sending an email to helpdesk@ilient.com with a short description of your issue.
Best regards.
Haim
|
Pushing IT forward |
|
|
23/04/2009 12:02:34
|
scumgrief
Super SysAider
Joined: 25/02/2009
Messages: 60
Offline
|
After editing the xml file, the Sysaid service won't start. I am working with version 6. Does the file have to be edited differently in version 6?
I replaced the edited xml file with the original and the service started right up...
|
|
|
26/04/2009 02:56:49
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
Hello scumgrief,
There was probably an error in the syntax.
In order for us to further assist you, please send us an email to helpdesk@ilient.com with a short description of the issue and the serverconf.xml
Best regards.
Haim
|
Pushing IT forward |
|
|
25/06/2009 13:59:04
|
AdamY
SysAider
Joined: 12/11/2008
Messages: 1
Offline
|
How do you modify the serverconf.xml if you are authenticating against more than one domain?
|
|
|
25/06/2009 15:43:07
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
Hello AdamY
Welcome to the SysAid community
Configuring single sign-on (Integrated Windows Authentication) on SysAid when integrated with more than one Active Directory domain should work, but only if you have trust relationship between the domains. The instructions are similar to the standard SSO configuration. You only need to do the SSO configuration against one domain. If the authenticating user is from another domain, it will automatically be routed to the corresponding domain controller for authentication (thanks to the trust relationship).
If your multiple domains don't trust each-other, then SSO is not possible
Best regards.
Haim
|
Pushing IT forward |
|
|
17/07/2009 13:39:19
|
Jbenga
SysAider
Joined: 08/07/2009
Messages: 2
Offline
|
Using SSO with Windows 7
I thought I would inform you guys what i have run into with windows 7(Yes I know Still in beta).
Though we have a few users in our company testing windows 7 and when they were going to our web page it was not logging them automatically(Everyone else in the company is fine). I found something online that states windows 7 using a different format, but its not an official Microsoft form. Has anyone else tried with Windows 7 and experience this same issue?
|
|
|
04/09/2009 19:52:23
|
H0meys
SysAider
Joined: 04/02/2009
Messages: 5
Offline
|
I just found something out from one of our Senior Sys Admins. If you use ssl with port 3269 to only 1 server it will traverse parent and child domains as though it were one domain allowing SysAid to import the users from all the domains without the domain\username format. I hope this helps...
|
|
|
![[Up]](/Sysforums/templates/default/images/icon_up.gif){kind=icon}
![[WWW]](/Sysforums/templates/default/images/icon_www.gif){kind=icon}
