Skip to main content
Question

SSO cross domain users

roberto
Contributor
Forum|alt.badge.img+6

Hi all,

I’ve a question regarding single sign on into FME Server.

I’ve installed FME Server on a domain (let’s call it “Domain A”) and I’ve configured the SSO for the users in the Domain A. I’ve tried to log in on a client using right domain A account and then, using Internet Explorer, I’ve logged into FME Server in SSO mode and It works fine.

Now I have another domain (let’s call it “Domain B”) trusted with Domain A in bidirectional mode.

In FME Server I added the connection to the Domain B’s Active Directory and imported the users from this domain.

I tried to log in on a client using right Domain B account and then, using Internet Explorer, I logged into FME Server in SSO mode but it not works.

The returned message is “You are not authorized to access this web application”

Can someone tell me if I need to set principal name, using the setspn command, also in the Domain B?

Thanks in advance

Roberto

2 replies

J
Forum|alt.badge.img+2

Hi @roberto

 

 

After importing domain B user's into FME Server - do you have users from both A and B imported?

 

Are you able to sign in (without SSO) using user details from both domains?

 

Can you sign using SSO to any users from Domain A or B?

 

 

Do you see any errors in the fmeServer_* log files - look for messages with '(Active Directory)' or '(Single Sign-On)'. These files are located in <FMEServerDir>/Logs

 

Active Directory in 2017+ is case senstive for user credentials, I don't know if there's any way you can confirm that what is being sent/used to sign in, maybe there's something unexpected going on there.

 

 

I'm not sure that this is a configuration that we've tested - so at the moment cannot confirm if you should expect to be able to do this. However, SSO is currently not supported for multiple domains - I will get clarification if this includes bi-directional modes.

roberto
Contributor
Forum|alt.badge.img+6
  • robertoContributor
  • Author
  • Contributor
  • March 29, 2018

Hi Jennifer,

thanks for your input. We checked what you suggested.

So far the issue seems to be not solved. I will ask the sysadmin to check again with additional use/cases and let you know.

Reply


Most helpful members this week

Community Stats

30,845
Posts
116,926
Replies
38,663
Members
Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.