Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 3 subscribers
  • Views 1554 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO Misleading admin.

Simon Shaw
Under user authentication,
Active Directory Single sign-on.

The on-screen description says to use domain name in full AD domain type, the example given is: intranet.micromine.com

If you read the help for that page it says:
"Make the following settings:
Domain: NetBIOS name of the domain (in Microsoft jargon also known as pre-Windows 2000 name)."

So, which is right? The long name or the short one??

ALSO:
If I enter a short domain name and try to join, I often get the message popup that the join attempt failed.

However, if I refresh the page it says it's joined to the domain, when in fact I think it's lying to me.
This is a bit of a nasty thing when trying to troubleshoot SSO issues!


This thread was automatically locked due to age.
  • 0
    They must not have updated the online help for that page... the release notes specifically note that you have to use the FQDN there (the "long" name) ... and that has been my experience with all the customer systems I've updated.
  • 0 in reply to BrucekConvergent
    Odd thing is though, SSO does not seem to be working unless I use the short NETBIOS name here...

    Active Directory Single-Sign-On (SSO) 
    Status: Joined domain PERTH.

    If I use the long AD name, SSO appears to no longer work...

    Help [:)]

    Also, SSO doesnt happen for me SINGLE at the moment, I have to enter username, EVERY request. See log:
    2-13:48:52 (none) httpproxy[24895]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8084218" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="719" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2007:12:12-13:48:52 (none) httpproxy[24895]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.168.3.30" user="sss" statuscode="407" cached="0" profile="profile_0" filteraction="" size="2247" time="4 ms" request="0x8084218" url="www.whitepages.com.au/.../mainnav-li-residential.gif" error=""
    2007:12:12-13:48:52 (none) httpproxy[24895]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x95ccf98" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="719" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2007:12:12-13:48:52 (none) httpproxy[24895]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.168.3.30" user="sss" statuscode="407" cached="0" profile="profile_0" filteraction="" size="2257" time="3 ms" request="0x95ccf98" url="www.whitepages.com.au/.../quickFinderItemBackgroundOn.gif" error=""
    2007:12:12-13:49:18 (none) httpproxy[24895]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8084218" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="719" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2007:12:12-13:49:18 (none) httpproxy[24895]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.168.3.30" user="sss" statuscode="407" cached="0" profile="profile_0" filteraction="" size="2247" time="3 ms" request="0x8084218" url="www.whitepages.com.au/.../mainnav-li-residential.gif" error=""
    2007:12:12-13:49:21 (none) httpproxy[24895]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8084218" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="719" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2007:12:12-13:49:21 (none) httpproxy[24895]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.168.3.30" user="sss" statuscode="407" cached="0" profile="profile_0" filteraction="" size="2247" time="3 ms" request="0x8084218" url="www.whitepages.com.au/.../mainnav-li-residential.gif" error="" 

    If I keep hitting "OK" on the client with the username and password pops up, it gradually loads more and more of the site.

    I did have this working 100% but now appears broken...
  • 0 in reply to Simon Shaw
    Hi Simon,
    Odd thing is though, SSO does not seem to be working unless I use the short NETBIOS name here...

    Active Directory Single-Sign-On (SSO) 
    Status: Joined domain PERTH.

    If I use the long AD name, SSO appears to no longer work...

    Help [[:)]]


    is it possible to get access to your  box, and the required credentials to join 
    the domain? Want to look at your system to get an idea. [[:)]] Please send the logins to sschnelle@astaro.com.

    Cheers,

    Sven.
  • 0 in reply to Simon Shaw
    I am having a similar issue abd would be intrested to know what the resolution was if possible.

    thanks.
  • 0 in reply to Vrej
    Still waiting, been talking with US support but we need to test more.
    Will report back.
  • 0 in reply to Simon Shaw
    Simon, try the following, goto system setting> Hostname and make sure the hostname here is FQDN. my astaro was called as1 and when i upgraded from 7.011 i never checked the name again, I changed this entry to as1.mydomain.com went back to SSO and it allowed me to join the domain, how ever SSO still is not working for me properly but then that also could be that i missed a step somewhere since I did it really quick just to test it a few min ago. 

    Vrej.
  • 0 in reply to Vrej
    That hostname is fully qualified on my system and resolves to the external interface of the firewall.  (Assigned IP by ISP, hostname set by ISP in their DNS).

    I don't think it would be used for AD auth at all since this is the external NIC, not the internal.