2nd September 2010, 09:46 AM #1
Facility/Serco Single Sign On
We have been landed with Facility/Serco as our Facility administrator has left us in the lurch. We have single sign on to enable users to use their user credentials to log in to their data, but we cannot get any new users entered in Facility to show in the SSO/LDAP interface. Could anyone help please?
Thanks in advance
2nd September 2010, 09:57 AM #2
Call me. I may be able to help.
Thomas Deacon Academy
2nd September 2010, 10:37 AM #3
I have set up SSO before and have pretty much just finished doing it on a new server. It is a complicated process but here goes!
Presuming you have purchased the SSO module and entered the new license code, launch Facility Controller, click on the Data Server Settings button and scroll across to the end to find the SSO module.
Tick the box to enable SSO and select the Attempt login bypass mode.
Enter your LDAP server name.
In the LDAP Base User DN box you need to enter the paths for the OUs in AD for which you want users to be able to access SSO, separated by semicolons, for example:
OU=Network Admin Staff, DC=NWHS, DC=LOCAL; OU=Office Staff, DC=NWHS, DC=LOCAL; OU=Staff, OU=Mobile, OU=LightlyManaged, OU=Users, OU=CommonScenarios, DC=NWHS, DC=LOCAL
Next, click on the credentials button and enter the DN of an Admin account (make sure your admin account actually has the First name written in AD; mine didn't by default, and it took me ages to work out why SSO wasn't working!). The DN will look something like this: CN=Administrator, OU=Network Admin Staff, DC=nwhs, DC=local
Next from Controller, click on Server, login name table, Single SignOn Logins and your table will be built. From here you will be able to map the Serco userIDs to the AD record. There is a tool to automatically do this but it will only work well if your Serco userIDs actually have similar names to AD. Alternatively, if you are already using Resource passwords, the first time a user enters their credentials, it will do the mapping, saving you a lot of time.
Also, just checking, but if you use IIS you will need to have altered the settings.xml file to change the value from false to true for 'UseIISAuthenticationForSingleSignOnBypass' and you will need to have edited the IsapiRewrite4.ini located in ePortal\bin\win32\i386 with your domain name.
Finally, you will have to disable Anonymous Authentication and add the isapirewrite4.dll filter in IIS.
I worked from a Serco manual called Facility ePortal v09.2 (an old version) Single Sign On (LDAP) Guide. Get this or the latest version if you don't already have it.
Hope this helps.
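One way to check whether a new account's DN falls under any of the semicolon-separated OUs entered in the LDAP Base User DN box, which is worth ruling out when a user is missing from the SSO/LDAP interface. This is an added example, not part of the thread or of Serco's software; the function names are hypothetical, and it assumes subtree matching and case-insensitive DN comparison as in AD (the thread does not say how Facility scopes its search).

```python
# Constructed sample: the semicolon-separated value quoted in the post above.
BASE_USER_DN = (
    "OU=Network Admin Staff, DC=NWHS, DC=LOCAL; OU=Office Staff, DC=NWHS, DC=LOCAL; "
    "OU=Staff, OU=Mobile, OU=LightlyManaged, OU=Users, OU=CommonScenarios, DC=NWHS, DC=LOCAL"
)

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash (e.g. 'Smith\\, Jo')."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair together
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def normalize_dn(dn):
    """Return a DN as a tuple of lower-cased 'attr=value' RDNs with padding trimmed."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return tuple(rdns)

def parse_base_dns(setting):
    """Parse the semicolon-separated base DN list, skipping empty entries."""
    return [normalize_dn(p) for p in split_unescaped(setting, ";") if p.strip()]

def covering_base(user_dn, setting):
    """Return the first configured base DN that contains user_dn, or None."""
    user = normalize_dn(user_dn)
    for base in parse_base_dns(setting):
        # In scope when the base is a proper suffix of the user's DN (assumed subtree search).
        if len(user) > len(base) and user[-len(base):] == base:
            return ",".join(base)
    return None
```

A result of `None` for a new user's DN means the account sits in an OU that is not listed in the setting, so the OU list is the first thing to compare against where the account was created in AD.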