Help on configuring SSO

I assume Server 2008

You have to go through the steps for Kerberos to work in IIS with an Alias

You'll have to register the SPN in Active Directory

You can search on MIcrosoft.com for IIS Alias Authentication.

Here's a good starting point for some background and help:

http://support.microsoft.com/kb/929650

This is not S1 specific and would have to be done for any IIS Authentication using Aliases.

Greetings,

Majority of the time if documentation is followed things will work as expected. Sometimes you will need support team to review your environment.

The pop-up you mentioned would come when Kerberos authentication is not working. Do you know if you can get SSO working with the hostname of the search/web server e.g. http://ES1WebServer1/Search/

Install guide already points to what needs to be done to have search working. Another thing you can check is that what if you change the authentication provider sequence from Negotiate, NTLM to NTLM, Negotiate ? This will make NTLM the first authentication mechanism.

I will still encourage you to talk to support and let them review your situation.

Thanks,

Rajan

Hi Tom,

Check what the search is configured with ? Open web.config file for search site and see what are the settings there. ExSearchWebServiceURL should be pointing to the local hostname. Here are lines from my test lab

It would show alias name if that is how search and mobile roles were installed. In most of the configurations I never needed to install with alias name. Routing to alias name was always handled at DNS and NLB levels.

Instead of making many changes, I would suggest you to engage EMC support. They should be able to assist in this situation.

Regards,

Rajan

Thnx Gary fo ryour reply, i did indeed found that article already.

Rajan

I just retried, and i noticed when connecting to the  http://ES1WebServer1/Search/

I get the message "Unable to authorize to the search web service"

I' m connecting from the ES1WebServer1(same issue when using http://localhost/search

I confirmed the setting as described in the install guide

Any idea where this message can come from?

I also added the site to the local intranet.

I have configured SSO before and actually never had any issues before, (exept 1 where the reverse proxy was causing the issue)

Hi Tom,

Try repair install of SourceOne Web Service, Search and Mobile on one of the machines. Then check if you could login without SSO. Once that is working then try to enable SSO.

Repair install should add back anything missing.

Regards,

Rajan

Rajan

I already switched back to the default.

All settings are now set as to when the Services were installed.

Could you copy:paste your webconfig lines?

thxn

I am no Expert for SourceOne, but I had recently a similar problem with Documentum. I got it solved through EMC Tech. Support. They steered me through the whole process and where able to solve all the problems that came up.

I recommend to open a service request.

Hi Rajan

it seems the lines are missing.

Could you maybe upload your example of the webconfig?

Then i can check and open an SR and give correct info from the start.

Thnx

Hi Tom,

Uninstall search

Uninstall webservices

Install webservices.

Install search - prompt for webserver name - mention local hostname of that system instead Universal URL or common name.

Once you finish , It will ask for rebooting server

Make the above changes on both the web servers.

Configure SSO again.

Add http://es1webserver1 in local intranet sites.

Check via  browsing http://ES1WebServer1/Search/   on es1webserver

Configure same on second server...

if the above works

Check with Universal URL  http://emailhistory.customer.com

Regards,

Ajay Chanana

Hi Ajay

I tried what you proposed, but ran into something strange

When opening the http://es1webserver1 it immediatly displayed  an error

Unable to authenticate with teh webservices

any other sugestions?

Hi Tom,

You need to type "http://es1webserver1/search" . Because we are checking individual server therefore it will not redirect to /Search automatically.

Regards,

Ajay Chanana

Sorry Ajay, thats what i ment.

I am accesing http://es1webserver1/search

thnx

Hi Tom,

You need to follow the above step which i have shared because earlier you have mentioned the common name.

However we need to defind individal server name on  webserver.

Uninstall search

Uninstall webservices

Install webservices.

Install search - prompt for webserver name - mention local hostname of that system instead Universal URL or common name.

Once you finish , It will ask for rebooting server

Make the above changes on both the web servers.

Configure SSO again.

Add http://es1webserver1 in local intranet sites.

Check via  browsing http://ES1WebServer1/Search/   on es1webserver

Configure same on second server...

if the above works

Check with Universal URL  http://emailhistory.customer.com

Regards,

Ajay Chanana