12-10-2013 08:38 AM
We have performed the following steps to setup SSO in version 13.0.1.120
Selected "c:\inetpub]\wwwroot\AppNet"
Selected SiteMinder option
This successfully redirects to the Dartmouth SSO page, accepts credentials, and returns the call to AppNet.
WebGate is adding these headers (verified by our custom /AppNet/headertest.aspx). We can add any additional headers we desire in WebGate configuration:
USERID = "domain ID"
HTTP_USERNAME = "domain ID"
HTTP_USERID = "domain ID"
IMPERSONATE = "domain ID"
OAM_REMOTE_USER = "domain ID"
OAM_IDENTITY_DOMAIN = DartOVD
AppPool for AppNet running as a domain service account
AppNet Authorization
Anonymous Enabled
Impersonating domain service account
Windows Auth disabled
AppNet web.config
SectionHyland.Services.Client
Using SOAP, not .Net Remoting
(Based on SSO MRG page 14)
AllowNTAuthenticationOnForwarding = False
(Baed on web.config stock comment "Only turn this flag on when using NT authentication"
appSettings:
EnableAutoLogin = True
forceSSOAutoLoginOverDomain = True
(based on SSO MRG Page 6)
CustomSSOAuthenticationFailurePage = "http://server/AppNet/ssofailure.html"
Section Hyland.Authentication:
<Hyland.Authentication Type="Hyland.Authentication.SiteMinderAuthenticationProvider, Hyland.Authentication.SiteMinder, Version=2.3.0.0, Culture=neutral, PublicKeyToken=c02e21dc39c53bb0">
<properties>
<add key="userIdHeader" value="HTTP_USERID" />
<add key="logServerVariables" value="true" />
<add key="logUserName" value="true" />
</properties>
</Hyland.Authentication>
Invalid value for 'encryptedTicket' parameter | System.Web | Systems.Web.Security.FormsAuthentication | Decrypt |
| Hyland.Applications.Web | Hyland.Applications.Web.Login | ValidateOBLoginTicket |
Login Ticket invalid | Hyland.Application.Web | Login | ValidateOBLoginTicket |
12-10-2013 01:29 PM
Thanks Ian - with proper instructions we have been able to implement SSO in our Dev POC environment. We still have work to do with the full implementation (Load balancing, multiple versions due to FormProc issues, etc.) but this is a huge step forward!
Kevin
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.