
Unity client Autologin

Timothy_Marsh
Confirmed Champ

I am trying to configure the Unity Client for user auto login. Our OnBase system is at the following versions:

Appserver – 12.0.3.254

Unity Client – 12.0.3.217

The system uses LDAP Authentication and users use auto login for the Thick Client with no problem.

I get the following error which tells me I’m close to having all of the settings correct.

Here is the list of settings I have set so far. What am I missing?

  1. Enable NT Authentication in obunity.exe.config

 <add UseADFS="false" ServicePath="http://hws12-remote1-test.co.anoka.mn.us/appserver/Service.asmx" DataSource="OnBase_Test" FriendlyName="OnBase_Test" UseNTAuthentication="true"/>

  2. In Configuration → Network Security, uncheck Interactive User Authentication for Core Services

  3. Disable Anonymous Access & Enable Windows Authentication on the Web Server's virtual directory.

  4. Add the Web Server URL to the trusted sites or local intranet in IE settings, and ensure that the Custom Level Setting "Automatic Logon with current user name and password" is selected.


What am I missing in the MRG that would clear up the error?

 

3 REPLIES

AdamShaneHyland
Employee

Hi Tim,

Thanks for the details in the post.

The configuration which you posted is correct if you were using AD; however, if you are using LDAP authentication, there is no way for us to guarantee that you will be able to make it work with Core based clients. Typically the reason is that with the Thick Client, the user logged into the workstation is making the requests out to the LDAP server using their credentials to request user validation as well as the user group membership mappings. In your case I noticed that the Network Security configuration is set for Interactive, which works a bit differently. I would expect that the Core would work if you had interactive authentication configured, but this would require a bit of additional configuration on the AppServer virtual directory.

Here’s a bit of explanation. When you are working with the Core based products, authentication is done through the Application Server. This means that when a request comes in to authenticate a user, the request is passed off to the Application Server, which will in turn make the request on behalf of the workstation logged-in user to the LDAP server. The problem can be broken down to 1) IIS's ability to retrieve the logged-in user upon request to the service page of the AppServer and 2) the account running the AppServer's Application Pool (i.e. the AppPool identity account) or the impersonation account (as configured in the AppServer's web.config) having the necessary permissions to authenticate the user against the LDAP server and retrieve the user group mapping.

One way to check if the user is able to authenticate to the virtual directory is by having the user attempt to browse to the AppServer's service.asmx page (i.e. http://<serverName>/<AppServerVirtualDirectory>/Service.asmx). If the user is able to view the page without error, then you know that the Windows Authentication virtual directory option is able to validate the user against the access control list, which means that OnBase should be able to retrieve their user credentials. Then you would have to verify that the account running the service (i.e. AppPool identity or impersonation) has the necessary permissions to read the group memberships. If you get to this point, the LDAP/NT Diagnostics Tab (enabled in the AppServer's web.config) would be helpful for troubleshooting.

Hope this helps.
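
The Service.asmx check described in this reply can also be run from the affected workstation in PowerShell, comparing an anonymous request with one that sends the logged-in Windows user's credentials. This is an added example, not part of the original post or any OnBase tooling; the URL is a placeholder to substitute, and the function name `Get-AuthProbe` is hypothetical.

```powershell
# Added diagnostic sketch. The URL below is a placeholder: substitute your
# own AppServer server name and virtual directory before running.
param(
    [string]$ServiceUrl = 'http://<serverName>/<AppServerVirtualDirectory>/Service.asmx'
)

Add-Type -AssemblyName System.Net.Http

# Hypothetical helper: one GET, with or without the logged-in user's credentials.
function Get-AuthProbe {
    param([string]$Url, [bool]$SendWindowsCredentials)

    $handler = New-Object System.Net.Http.HttpClientHandler
    $handler.UseDefaultCredentials = $SendWindowsCredentials
    $handler.AllowAutoRedirect = $false
    $client = New-Object System.Net.Http.HttpClient($handler)
    try {
        $response = $client.GetAsync($Url).GetAwaiter().GetResult()
        [pscustomobject]@{
            SentWindowsCredentials = $SendWindowsCredentials
            StatusCode             = [int]$response.StatusCode
            # Schemes IIS offers in its WWW-Authenticate challenge (empty on 200)
            OfferedSchemes         = ($response.Headers.WwwAuthenticate |
                                      ForEach-Object Scheme) -join ', '
        }
    }
    finally { $client.Dispose() }
}

$anonymous  = Get-AuthProbe -Url $ServiceUrl -SendWindowsCredentials $false
$integrated = Get-AuthProbe -Url $ServiceUrl -SendWindowsCredentials $true
$anonymous, $integrated | Format-Table -AutoSize

if ($anonymous.StatusCode -ne 401) {
    Write-Warning 'Anonymous request was not challenged: check that Anonymous Access is disabled on the virtual directory.'
}
elseif ($anonymous.OfferedSchemes -notmatch 'Negotiate|NTLM') {
    Write-Warning "No Negotiate/NTLM challenge offered ($($anonymous.OfferedSchemes)): Windows Authentication does not appear to be enabled."
}
if ($integrated.StatusCode -eq 200) {
    Write-Output 'IIS accepted the logged-in Windows user; next check the AppPool identity or impersonation account permissions.'
}
else {
    Write-Warning "Request with the logged-in user's credentials returned $($integrated.StatusCode)."
}
```

Run it as the affected user on the affected workstation. This probe does not consult the IE zone settings, so a 200 here alongside a failure in the browser points at the trusted sites / local intranet step rather than at IIS.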

Timothy_Marsh
Confirmed Champ

We have OnBase LDAP settings tied to our Active Directory. I am able to sign into Unity/appserver with my network credentials. It's just autologin is not working.

AdamShaneHyland
Employee

Hi Tim,

LDAP over AD should work with autologin.  My guess is it has something to do with the AppServer's credentials.  I would recommend working with your first line of support to further investigate your configuration and work with you to figure it out.

Additionally, depending on your environment, it might be worth changing your configuration over to AD instead of LDAP over AD, but that conversation is better for your first line of support.

Take care.