Single Sign On

 
SysAider
1
 
Okay, I have an issue with SSO; funny thing is I managed to get this working at my last place of employment. Essentially I am not getting SSO to work. I have set up IE correctly and added the site to the Intranet Sites in security but cannot get it to authenticate; it does authenticate users (LDAP imported users) if I type in the login DOMAINNAME\username and password.

Below is my ServerConf.xml file:

<?xml version='1.0' encoding='UTF-8'?>
<serverConf>
  <dbConf>
    <dbDriver>org.apache.derby.jdbc.ClientDriver</dbDriver>
    <dbUrl>jdbc:derby:default;create=true</dbUrl>
    <dbUser>sysdba</dbUser>
    <dbPassword>masterkey</dbPassword>
    <dbType>derby</dbType>
    <dbEncoding>utf-8</dbEncoding>
    <dbMultiply>false</dbMultiply>
    <dbMainName>sysaid</dbMainName>
  </dbConf>
  <logConf>
    <logLevel>error</logLevel>
    <logTimes>false</logTimes>
  </logConf>
  <mailConf>
    <smtpHost>smtpserver</smtpHost>
    <smtpUser></smtpUser>
    <smtpPassword></smtpPassword>
    <mailFrom>helpdesk@domainname</mailFrom>
  </mailConf>
  <loginConf>
    <accountType>multi</accountType>
    <defaultAccount>administrator</defaultAccount>
    <webServerUser>false</webServerUser>
    <externalLoginClass>
      <ntlmAuth>
        <ntlmParam>
          <ntlmParamName>jcifs.smb.client.domain</ntlmParamName>
          <ntlmParamValue>FQDN</ntlmParamValue>
        </ntlmParam>
        <ntlmParam>
          <ntlmParamName>jcifs.http.domainController</ntlmParamName>
          <ntlmParamValue>DC IP</ntlmParamValue>
        </ntlmParam>
        <ntlmParam>
          <ntlmParamName>jcifs.smb.client.username</ntlmParamName>
          <ntlmParamValue>domain\username</ntlmParamValue>
        </ntlmParam>
        <ntlmParam>
          <ntlmParamName>jcifs.smb.client.password</ntlmParamName>
          <ntlmParamValue>password</ntlmParamValue>
        </ntlmParam>
        <ntlmParam>
          <ntlmParamName>jcifs.smb.lmCompatibility</ntlmParamName>
          <ntlmParamValue>3</ntlmParamValue>
        </ntlmParam>
      </ntlmAuth>
    </externalLoginClass>
  </loginConf>
  <smsConf>
    <smsGatewayID>00</smsGatewayID>
    <smsUser>internal</smsUser>
    <smsPassword>d1efad72dc5b17dc66a46767c32fff40</smsPassword>
    <smsProviderClass>com.sysaid.util.SMSCenterProvider</smsProviderClass>
  </smsConf>
  <sysaidLogLevel>info</sysaidLogLevel>
  <supportURL></supportURL>
</serverConf>


Of course I have taken out company info. Any help would be appreciated as I have tried just about everything...
SysAider
16
 
Newbie in SysAid:

SSO is working perfectly, but is it possible to change the user connected when SSO is enabled? By default, every time I enter the login page, the program uses the system login user.

I want to change the user, because sometimes I need to use an administrator user in a remote location, when another user is logged in.

Thanks.
SysAider
5
 
Jason,
I experienced just the same problem. SSO with IE just did not work. I would appreciate any help ...
Super SysAider
64
 
SSO by design would take whatever user is logged in and use that account.

Can you remotely log into another computer to access SysAid?

Not perfect but might work.
OCL
SysAider
1
 
Has anyone managed to get SSO to work in a multi-domain environment? We are rolling out SysAid to approx. 7000 users, and teaching them to type their domain\username is becoming a pain!

Any help much appreciated

Thanks
SysAid Mod
9
 
Dear Ilient, I have a problem with Single Sign On.
I made the changes to the post
https://www.sysaid.com/Sysforums/posts/list/277.page#671
But it does not work correctly.
Some users (1 or 2) connect, others do not connect.
Could you help me?
SysAid Wiz
2449
 
Jason Weston,

This means that the browser (IE) is not passing the credentials to the SysAid server.

Make sure that typing the domain credentials allows you to log in, and if it does, this means that SSO is configured correctly.

Here is how to set IE to pass credentials to the SysAid server.

1. In Internet Explorer, please go to the Tools -> Internet Options -> Advanced tab and check the “Enable Integrated Windows Authentication” check-box.

2. Next, switch to the security tab and click Local Intranet -> Custom Level and select “Automatic log-on with current user name and password” (under User Authentication, Log-on).

3. Click OK on all windows and restart Internet Explorer (close all IE windows and open it again).

4. See if you can automatically log in to SysAid. If not, perform step 2 on the Internet Zone as well and try again.
Pushing IT forward
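
The settings named in steps 1, 2 and 4 above live in the current user's registry hive, so they can be checked without clicking through the dialogs. The following is an added example, not part of the original post and not SysAid code: a read-only PowerShell audit that reports the Integrated Windows Authentication switch and the logon policy of the Local intranet and Internet zones, and marks the Internet zone for review when it is set to automatic logon, because that setting applies to every site in the zone and not only to the SysAid server. It assumes the per-user (HKCU) values are the effective ones; Group Policy can override them.

```powershell
# Added example: read-only audit of the per-user IE settings from steps 1, 2 and 4.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Value 1A00 in each zone key is the "User Authentication -> Logon" setting.
$logonPolicy = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}
$zoneName = @{ 1 = 'Local intranet'; 3 = 'Internet' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }   # returns nothing when the value is absent
}

function Get-ZoneLogonPolicy {
    param([int]$Zone)
    $raw  = Get-RegValue -Path "$inet\Zones\$Zone" -Name '1A00'
    $text = 'not set in HKCU (zone default applies)'
    if ($null -ne $raw -and $logonPolicy.ContainsKey([int]$raw)) { $text = $logonPolicy[[int]$raw] }
    [pscustomobject]@{
        Zone   = $zoneName[$Zone]
        Logon  = $text
        # Automatic logon in the Internet zone offers Windows credentials to any site that asks.
        Review = ($Zone -eq 3 -and $raw -eq 0)
    }
}

function Get-IwaState {
    # EnableNegotiate backs the "Enable Integrated Windows Authentication" check-box.
    $v = Get-RegValue -Path $inet -Name 'EnableNegotiate'
    if ($null -eq $v) { 'not set in HKCU (IE default applies)' }
    elseif ($v -eq 1) { 'enabled' }
    else              { 'disabled' }
}

"Integrated Windows Authentication: $(Get-IwaState)"
1, 3 | ForEach-Object { Get-ZoneLogonPolicy -Zone $_ } | Format-Table -AutoSize
```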
SysAid Wiz
2449
 
OCL wrote: Has anyone managed to get SSO to work in a multi-domain environment? We are rolling out SysAid to approx. 7000 users, and teaching them to type their domain\username is becoming a pain!

Any help much appreciated

Thanks


Hello OCL,

Configuring single sign-on (Integrated Windows Authentication) on SysAid when integrated with more than one Active Directory domain should work, but only if you have a trust relationship between the domains. The instructions are similar to the standard SSO configuration. You only need to do the SSO configuration against one domain. If the authenticating user is from another domain, it will automatically be routed to the corresponding domain controller for authentication (thanks to the trust relationship).

If your multiple domains don't trust each other, then SSO is not possible.
Pushing IT forward
SysAid Wiz
2449
 
argentieri wrote: Dear Ilient, I have a problem with Single Sign On.
I made the changes to the post
https://www.sysaid.com/Sysforums/posts/list/277.page#671
But it does not work correctly.
Some users (1 or 2) connect, others do not connect.
Could you help me?


Hello argentieri,
This issue might happen in several cases.
In order for us to further assist you, please open a service request on this issue by sending an email to helpdesk@sysaid.com with a short description of your issue.

Best regards.
Haim
Pushing IT forward
Super SysAider
63
 
After editing the XML file, the SysAid service won't start. I am working with version 6. Does the file have to be edited differently in version 6?

I replaced the edited xml file with the original and the service started right up...

SysAid Wiz
2449
 
Hello scumgrief,

There was probably an error in the syntax.
In order for us to further assist you, please send us an email to helpdesk@sysaid.com with a short description of the issue and the serverconf.xml

Best regards.
Haim
Pushing IT forward
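
A syntax error of the kind suggested above can be found before the service is restarted by parsing the edited file. The following is an added example, not part of the original thread and not SysAid code: a PowerShell function that checks that the text is well-formed XML and lists the `ntlmParam` entries in the SSO section, reporting only whether each has a value so that the service account password is never printed. The element names come from the ServerConf.xml posted earlier in this thread; the sample text, domain name and IP address are constructed.

```powershell
# Added example: well-formedness and SSO-section check for an edited serverConf.xml.
function Test-ServerConf {
    param([string]$XmlText)
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.LoadXml($XmlText) }
    catch {
        # The parser message carries the line and position of the first syntax error.
        return [pscustomobject]@{ WellFormed = $false; Detail = $_.Exception.Message; Params = @() }
    }
    $xpath  = '/serverConf/loginConf/externalLoginClass/ntlmAuth/ntlmParam'
    $params = foreach ($p in $doc.SelectNodes($xpath)) {
        $nameNode  = $p.SelectSingleNode('ntlmParamName')
        $valueNode = $p.SelectSingleNode('ntlmParamValue')
        $name = ''
        if ($null -ne $nameNode) { $name = $nameNode.InnerText }
        [pscustomobject]@{
            Name     = $name
            # Report presence only; the value itself is never echoed.
            HasValue = [bool]($null -ne $valueNode -and $valueNode.InnerText.Trim())
        }
    }
    [pscustomobject]@{
        WellFormed = $true
        Detail     = "$(@($params).Count) ntlmParam entries found"
        Params     = @($params)
    }
}

# Constructed sample: the second <ntlmParam> is missing its closing tag.
$broken = @'
<serverConf><loginConf><externalLoginClass><ntlmAuth>
<ntlmParam><ntlmParamName>jcifs.smb.client.domain</ntlmParamName><ntlmParamValue>EXAMPLE</ntlmParamValue></ntlmParam>
<ntlmParam><ntlmParamName>jcifs.http.domainController</ntlmParamName><ntlmParamValue>192.0.2.10</ntlmParamValue>
</ntlmAuth></externalLoginClass></loginConf></serverConf>
'@
# Same text with the missing </ntlmParam> restored.
$fixed = $broken -replace '192\.0\.2\.10</ntlmParamValue>', '192.0.2.10</ntlmParamValue></ntlmParam>'

foreach ($text in $broken, $fixed) {
    $result = Test-ServerConf -XmlText $text
    "WellFormed=$($result.WellFormed)  $($result.Detail)"
    $result.Params | Format-Table -AutoSize
}
```

To check a real file, pass its content with `Get-Content -Raw` and the path of your own serverConf.xml.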
SysAider
1
 
How do you modify the serverconf.xml if you are authenticating against more than one domain?
SysAid Wiz
2449
 
Hello AdamY
Welcome to the SysAid community

Configuring single sign-on (Integrated Windows Authentication) on SysAid when integrated with more than one Active Directory domain should work, but only if you have a trust relationship between the domains. The instructions are similar to the standard SSO configuration. You only need to do the SSO configuration against one domain. If the authenticating user is from another domain, it will automatically be routed to the corresponding domain controller for authentication (thanks to the trust relationship).

If your multiple domains don't trust each other, then SSO is not possible.

Best regards.
Haim
Pushing IT forward
SysAider
2
 
Using SSO with Windows 7

I thought I would inform you guys what I have run into with Windows 7 (yes, I know, still in beta).

Though we have a few users in our company testing Windows 7, and when they were going to our web page it was not logging them in automatically (everyone else in the company is fine). I found something online that states Windows 7 uses a different format, but it's not an official Microsoft form. Has anyone else tried with Windows 7 and experienced this same issue?
SysAider
5
 
I just found something out from one of our Senior Sys Admins. If you use SSL with port 3269 to only 1 server, it will traverse parent and child domains as though it were one domain, allowing SysAid to import the users from all the domains without the domain\username format. I hope this helps...