After attempting for an hour or so to get the SSO service running on a MOSS system in a local machine (non Active Directory) environment, I discovered a couple of posts and some documentation from Microsoft which indicated that for the SSO service to be used with SharePoint/MOSS, the system must be integrated into an … Continue reading Microsoft / SharePoint / MOSS Single Sign-On Service not supported in non AD Environment?
As an update to my post about Configuring the Sharepoint MOSS Single Sign-On Service, I’ve discovered that the SSOADMIN user (the user account which the SSO service is run under) requires that the user account is granted the “Logon as Service” permission directly, rather than it being inherited by Group memberships or some other means.
Configure Single Sign-On (Office Sharepoint Server) Creating a Service Account http://www.sharepointblogs.com/llowevad/archive/2007/06/25/sharepoint-2007-single-sign-on-setup.aspx
How do you overcome the identity double hop problem? Windows credentials can only make one “hop” between machines on a network. The first hop is from the user’s browser to the web server; from here, to get to another machine on your network, a second hop is required. There are two ways to work around … Continue reading Sharepoint Single Sign-On, Impersonation and the Double-Hop Problem
In an effort to understand how you might exploit the SSO for your own custom development in Sharepoint (MOSS) I wrote a Web Part to enumerate SSO Applications and Credentials, as shown below. The code for the web part is quite simple, as is the SSO SDK itself (at least as an SSO consumer).
So I decided to use SSO for authentication with the BDC, and obviously learn what SSO was all about. Accept from the start that configuration of the SSO service accounts and their requirements for use in SSO is confusing and very specific, check here for the full guide and requirements. Also check out these links … Continue reading Configure Sharepoint (MOSS) Single Sign-On