
SSO / SiteMinder setup - what are we missing?

Kevin_Perron
Star Collaborator

We have performed the following steps to set up SSO in version 13.0.1.120:

  • Ran "Hyland Single Sign On.msi"
  • Ran "C:\Program Files (x86)\Hyland\Single Sign On\SingleSignOnConfig.exe" (Run as Administrator) on web server

Selected "c:\inetpub\wwwroot\AppNet"

Selected SiteMinder option

This successfully redirects to the Dartmouth SSO page, accepts credentials, and returns the call to AppNet.

WebGate is adding these headers (verified by our custom /AppNet/headertest.aspx). We can add any additional headers we desire in WebGate configuration:

USERID = "domain ID"

HTTP_USERNAME = "domain ID"

HTTP_USERID = "domain ID"

IMPERSONATE = "domain ID"

OAM_REMOTE_USER = "domain ID"

OAM_IDENTITY_DOMAIN = DartOVD

  • Current settings (that I know to be relevant) are:

AppPool for AppNet running as a domain service account

AppNet Authorization

Anonymous Enabled

Impersonating domain service account

Windows Auth disabled

AppNet web.config

Section Hyland.Services.Client

Using SOAP, not .Net Remoting

(Based on SSO MRG page 14)

AllowNTAuthenticationOnForwarding = False

(Based on web.config stock comment "Only turn this flag on when using NT authentication")

appSettings:

EnableAutoLogin = True

forceSSOAutoLoginOverDomain = True

(based on SSO MRG Page 6)

CustomSSOAuthenticationFailurePage =  "http://server/AppNet/ssofailure.html"

 

Section Hyland.Authentication:

<Hyland.Authentication Type="Hyland.Authentication.SiteMinderAuthenticationProvider, Hyland.Authentication.SiteMinder, Version=2.3.0.0, Culture=neutral, PublicKeyToken=c02e21dc39c53bb0">
  <properties>
    <add key="userIdHeader" value="HTTP_USERID" />
    <add key="logServerVariables" value="true" />
    <add key="logUserName" value="true" />
  </properties>
</Hyland.Authentication>

 

  • Results:
  • Load /AppNet/login.aspx
  • Redirected to Dartmouth SSO page, login, redirects to /AppNet/login.aspx
  • Redirects to /AppNet/ssofailure.html
  • Nothing in Diagnostics Console on web server

 

  • Hit /AppNet/login.aspx AGAIN
  • Returns standard Web Client error page with "An unknown login error occurred."
  • Diagnostics console says:

Invalid value for 'encryptedTicket' parameter

System.Web

System.Web.Security.FormsAuthentication

Decrypt

 

Hyland.Applications.Web

Hyland.Applications.Web.Login

ValidateOBLoginTicket

Login Ticket invalid

Hyland.Application.Web

Login

ValidateOBLoginTicket

 

  • Hit /AppNet/login.aspx AGAIN
  • SSO failure page
  • Alternates between SSO failure page and "An unknown login error occurred" each time I hit /AppNet/login.aspx

 

5 REPLIES

Kevin_Perron
Star Collaborator

Thanks Ian - with proper instructions we have been able to implement SSO in our Dev POC environment.  We still have work to do with the full implementation (Load balancing, multiple versions due to FormProc issues, etc.) but this is a huge step forward!

Kevin