CA Service Management

 View Only
Expand all | Collapse all

Help On Single Sign-On (SSO) - IIS

  • 1.  Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 10:33 AM

    Guys,

    Im so confuse if some stepd to configure single sign-on in IIS, is never has done this befor!! =(

    I have followed the steps according to the doc TEC602366.

    When I try to access the application URL a pop-up requesting credentials is displayed but, when i put them, the pdmweb.exe is downloaded to the browser and nothing is presented on the browser.

    Can anyone help me to understand what im doing wrong?

    I use some differents urls, like:

    • servername.domain:80
    • ipaddress:80
    • servename.domain:80/CAisd/pdmweb.exe
    • ipaddress:80/CAisd/pdmweb.exe

    My environment:

    • Windows Server 2008 R2 Standard
    • IIS 7
    • CA SDM 14.1

    I believe that this erros are related to these urls or something related to it.

    Many thanx!!!!



  • 2.  Re: Help On Single Sign-On (SSO) - IIS

    Broadcom Employee
    Posted Mar 30, 2016 10:37 AM

    Diego,

     

    Just to make sure, have you also followed this document?

     

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1584216.aspx

     

    I think you may be missing step 15 for starters.



  • 3.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 10:56 AM

    Alexander,

    Many thanx for reply!!

    I had not done this step 15 you oriented.

    After making the change, restart IIS and access the url is not made more download pdmweb.exe, but the SDM home page appears asking for login and password to access. =(



  • 4.  Re: Help On Single Sign-On (SSO) - IIS

    Broadcom Employee
    Posted Mar 30, 2016 11:12 AM

    OK, we're heading in the right direction at least

     

    Is the ServiceDesk server joined to the same domain that the user accounts are a member of?

    Does the user's domain logins match exactly with their ServiceDesk username?



  • 5.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 01:37 PM

    Alexander,

    The server is in the same domain the user accounts and the user´s domain logins match with sd username!

    At least pdmweb.exe stopped being downloaded by the browser when access the url with port 80.



  • 6.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 01:57 PM

    What is the authentication mode of your IIS server? Or the one of your default web site? Or the one of your CAisd site?

     

    It needs to be set on Windows Authentication. Otherwise, user's credentials will not be passed to the web application.

     

    iis_settings.png



  • 7.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 02:07 PM

    Hi POssq, thanx for reply!

    The authentication mode is the same for IIS, Default Web Site and thhe CAisd too:

     

    iis.png



  • 8.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 02:35 PM

    I found intriguing that when access with port 80 and refresh it (with F5), the page displays a message that says that the page used information entered (message in brazilian portuguese) and this information will be lost if I continue.

    When access with port 8080 and refresh it infinite times no message is displayed ...

    Perhaps because, somehow, the credentials are being inserted or used in any way ... (?)

     

    sdm.png



  • 9.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 02:38 PM

    :8080 direct you to the tomcat server. (If you have the default configuration)

     

    If you want SSO with Tomcat you'll need a third party library like Waffle.



  • 10.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 02:16 PM

    The access type of the user trying to login must be set to : Authorize external authentication.

     

    You can find this options on the detail form of an access type.

     

    You should set Ca Embedded Entitlements Manager as the Validation type if EEM's installed. otherwise select : Always authorize.

     

     

    Do not forget to check the boxe!

     

    Should do the trick.



  • 11.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 02:41 PM

    Hi Possq,

    Yeah, the access type is configured to allow external authentication.

    I dont have EEM on my environment, only SDM and BI!! =(

     



  • 12.  Re: Help On Single Sign-On (SSO) - IIS
    Best Answer

    Posted Mar 30, 2016 02:45 PM

    Validation type is set to Always authorize ?

     

    If yes, anything in the  ServiceDesk's logs?



  • 13.  Re: Help On Single Sign-On (SSO) - IIS

    Posted Mar 30, 2016 03:21 PM

    pier-olivier.tremblay and Alex_Perretti,

    Many, many, many thanx for the exceptional help!!!

    Both the solution suggested by Alexander, the step 15 of TEC1584216 doc as the orientation to set the validation type to allways authorize (which was unchecked for testing and I forgot to check again) solved the problem.

    My infinitely thanx guys!!!!!