Project and Portfolio Management Practitioners Forum
cancel

SSO integration for PPM 8.03 with IIS 7.0

SOLVED
Go to solution
Highlighted
Sascha_1
Super Contributor.

SSO integration for PPM 8.03 with IIS 7.0

Hello,

 

we want to use SSO for PPM 8.03 together with Microsoft IIS 7.0. We are running a PPM in clustered mode. Therefore we did the following adjustments:

 

1. Enable Windows authentication on IIS 7.0

2. Add the following parameter to the server.conf:

com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN=com.kintana.sc.security.auth.WebRemoteUserSingleSignOn

3. Add "NTLM" to the authentication mode of ppm

com.kintana.core.server.AUTHENTICATION_MODE=NTLM,ITG

4. Enable Web Access Logging

com.kintana.core.server.ENABLE_WEB_ACCESS_LOGGING=true

4. Run kUpdateHtml.sh

5. Change Authentication mode for the specific user via workbench.

 

But everytime i try to login, i get the following error message:

 

http://myserverurl/itg/web/knta/global/NoAccess.jsp

No Access You do not have access to HP Project and Portfolio Management Center. Please contact your administrator for further assistance.

 

 Furthermore, i found this entries in the serverLog.txt:

ERROR JSESSIONID=2EF1D00AC49CF44703235C7F77DDDB1A.1EGT_users_n1,USERNAME= server:TP-Processor2:com.kintana.sc.authentication:2011/07/18-11:26:16.158 CEST: SSO USER HEADER : IV_USER
ERROR JSESSIONID=2EF1D00AC49CF44703235C7F77DDDB1A.1EGT_users_n1,USERNAME= server:TP-Processor2:com.kintana.sc.authentication:2011/07/18-11:26:16.159 CEST: SSO USER NAME : null

 

When i try to connect PPM via workbench, i get the following error message:

 

Invalid username/password.  Logon denied. (KNTA-10012)
LogonUser for DE\Sascha.Radtke failed with error code : 1326

 

It looks like, the system is not able to get the user information. In addition i read some interesting section in the installation guide for PPM 8.03:

 

Verify that the

sso.conf file has the following setting.

USERNAME=<

Authenticated_User_Header>

where

<Authenticated_User_Header> is the header your single

sign-on system uses to store the user ID of the authenticated user.

 

Actually, sso.conf has the default entry listed:

# sso.conf

###################

# Global Settings #

###################

USERNAME=IV_USER

 

Is this http header the correct one for IIS 7.0?

1 REPLY
Sascha_1
Super Contributor.
Solution

Re: SSO integration for PPM 8.03 with IIS 7.0

Hello,

 

problem was solved by disabling the anonymous authentication on the default website from IIS 7.0

 

Best regards,

Sascha Radtke