Skip to main content
  • EN

Hello,

 

Recently we attempted to adopt single sign-on through our Windows AD. However, we are having difficulties getting it to work.

 

I have followed the steps outlined by: https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/IWA.htm

 

It worth noting that we have also switched our server to using HTTPs

 

Whenever a user clicks "Use windows credentials" they get an error "Login failed, please try again". Its worth noting if a user manually inputs their AD credentials, the login is successful.

 

When checking the fmeserver.log file I do see the message "Unauthorized request by user <User> due to lack of proper permissions or the object does not exist."

 

I have also noticed that when using the generate token URL:

https://<fme server name>/fmetoken/sso/generate

I get an error 403 "forbidden" (this is the URL set in the propertiesFile.properties)

 

Just to reiterate manually entering the AD credentials works without any issues, only when using the "Use Windows Credentials" SSO option does it fail.

 

Any help would be GREATLY appreciated. Thanks!

Hi @matthewobuck​ ,

If you haven't already, I recommend reviewing our FME Server Troubleshooting: Integrated Windows Authentication or Single Sign On article. In particular, we have listed steps to resolve the "You are not authorized" error for Windows in addition to some other related issues.

 

If these solutions don't resolve the error, I'd recommend creating a case with our Support Team for this issue. If you can, it would be helpful to our support team if you including some or all of the following supporting details:

  • Screenshots of the issue
  • Screenshots of the configuration(s)
  • Configuration files that were updated or changed
  • Installation details, e.g. version, build, express, distributed, etc.
  • Log files (e.g. fmeserver.log)

Let us know how it goes. Thank you!

Hi @matthewobuck​ ,

If you haven't already, I recommend reviewing our FME Server Troubleshooting: Integrated Windows Authentication or Single Sign On article. In particular, we have listed steps to resolve the "You are not authorized" error for Windows in addition to some other related issues.

 

If these solutions don't resolve the error, I'd recommend creating a case with our Support Team for this issue. If you can, it would be helpful to our support team if you including some or all of the following supporting details:

  • Screenshots of the issue
  • Screenshots of the configuration(s)
  • Configuration files that were updated or changed
  • Installation details, e.g. version, build, express, distributed, etc.
  • Log files (e.g. fmeserver.log)

Let us know how it goes. Thank you!

Hello @sanaeatsafe​,

Thank you for the resource I will promptly look through it and see if I missed anything.

 

However, just to clarify I do not get a "You are not authorized" error when clicking the windows credentials button, I get a "Login Failed, please try again" error. I do see an error 403 when accessing the SSO generate token url: https://<fme server name>/fmetoken/sso/generate

Reply


Community Stats

30,162
Posts
114,484
Replies
37,809
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.