Hyland Connect

Cecelia_Rocha · ‎07-13-2021

Hyland FLOS configured our app server so that the Unity Client and Web Client can authenticate successfully. We are using AD - Enhanced authentication. However, all our custom applications that use the Unity API now fail to authenticate/connect. We are using CreateDomainAuthenticationProperties(). The solution I was given was to stand up a new app server with different authentication properties in IIS just for the API. I thought that the Unity API contained all the functionality that the Unity Client has. So why do I need a second app server? Before upgrading to EP3 we were using OnBase 17 and AD - Basic authentication. Thanks for your feedback/input!

Jim_Bullen1 · ‎07-14-2021

@Adam Shane Thank you for the clarification! I assumed Disconnected Scanning needed the OnBase IdP to use AutoLogin because consulting the MRG pointed me to the Authentication MRG for OnBase 18. I only found Disconnected Scanning under two sections in that MRG - using ADFS , and using OnBase IdP so I assumed (apparently incorrectly) that one of these must be used for it to work. It is good to know that it is still supported using AD or LDAP authentication

@Rob Keberdle Thank you for the additional information as well!

Thilina_Random2 · ‎07-13-2021

Were you requested to create a new AppServer that was identical to the one you already have? Or a new AppServer that was configured slightly differently?

Unity and Web Client may require different authentication or may require the AppServer to be configured differently in some other way than the custom applications that connect using Unity API.

CreateDomainAuthenticationProperties() indicates using Windows authentication at the AppServer level when connecting via Unity API. You may need to check what settings were needed for your Unity and Web Client to work on the AppServer level.

As others have mentioned multiple AppServers can be run on the same Windows server you shouldn't need a change to your number of servers or architecture.

Having said that, embracing separate AppServers are for different clients is actually a good thing so that they can use different AppPools so that:
1) recycling one AppPool wouldn't affect everything else.
2) a crash in one of the AppPools wouldn't affect everything else.
3) they can have be run under different credentials there is any such need.
4) they can have different configurations such as timeout settings, # of worker processes, memory limits, fail protection settings etc.

The only downside to running different AppServers (within the same Windows server) is there is slightly more memory used since each AppPool has some memory overhead. This is usually only a few hundred MBs but is considered negligible since servers usually have memory in the GB ranges assigned to them.

Cecelia_Rocha · ‎07-14-2021

@Thilina Randombage The new app server has different authentication settings and it is on the same Windows server. Sorry I didn't make that clear. No new hardware or VM required. Wow I never thought about the benefits of running separate app servers for different clients but that makes sense! You've enlightened me! Thanks!

Jeannie_Korando · ‎07-15-2021

When you say stand up a new app server - does that mean you need a 2nd licenses for the app server? I am looking to migrate our Onbase 18.144 to EP5. I know we will need to use AD however, I am confused as to how all our 'generic' forms will be accessed by the public? We do not want to use an AD account. Currently they use generic accounts that are not on our domain. How will this work?

Thilina_Random2 · ‎07-15-2021

Appservers do not require a license. You can have as many appservers as you like. Generic forms (unity or eforms) can be served via a non-AD account

Hyland Connect

Do we really need 2 app servers in order to get domain authentication to work with Foundation EP3 Unity API?