Home Analyst Portal

Single sign on for cireson portal

Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
We had single sign (using AD credentials) on to the portal working perfectly in our production prior to upgrading the portal from version 4 to 7.4 (latest) this weekend. But now it is prompting for credentials. How can we configure single sign on to the portal. I am not sure whty the upgrade changed that.   Please advise ASAP. Thank you

Best Answer

  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    Answer ✓
    I tried the above - single sign on still isnt working propery - i had to revert it back to forms authentication since when i enabled windows - it kept prompting for credentials sometimes and sometimes would get in via single signon. I also noticed that templates werent loading at all when windows authentication was enabled.  It was working perfectly prior to upgrading to 7.4, Please help
    Hi Suruchi

    Id recommend checking the below:

    - Re-enter the Application Pool Identity credentials, in IIS got to Application Pool -> Advanced Settings -> Identity credentials

    - Ensure that the only Authentication that is enabled is Windows Authentication and Anonymous  - using IIS select the website then Authentication to view what is enabled.

    - In IIS select the website and Authentication then click on Windows Authentication on the right-hand side select Advanced Settings - be sure that the checkbox is checked for Enable Kernal Mode Authentication

    - In IIS select the website and Authentication then click on Windows Authentication on the right-hand side select Providers, move NTLM before negotiate and restart the website.


    If this is still an issue after the above then lets raise as a support ticket so someone can troubleshoot this issue further.

Answers

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Verify your Forms Authentication is disabled and Windows Authentication is enabled. That is a big jump in the version so it could have lost the web.config settings for that in IIS.
  • Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
    Thanks Brian. I modified the web.config file to change authentication mode to windows. But it is giving access denied error now.
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Check your cache builder logging and verify that it has synced your CI$users
  • Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
    Thanks Brian. This is production - so I will try it tonight after business hours. If it works, will close this discussion 
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    The cache builder can be restarted any time. My users never notice. At most want can be seen is a few minute delay on work item sync while the builder finishes syncing users and groups.
  • Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
    I see this error :smile:

    Access is denied.

    Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL. 

    Error message 401.2.: Unauthorized: Logon failed due to server configuration.  Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.  Contact the Web server's administrator for additional assistance.
  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    Check that the permissions on your folders are giving Read access to the ID that is trying to access the page.  That could be the App Pool ID, IUSR, [SERVERNAME]\Users, or the actual ID of the user that is browsing the page, depending on your security settings.

    If you had to set the physical credentials in IIS, this will have been removed when you ran the installer (I am not recommending setting physical path credentials there, but that may be the issue, if you have done this).
  • Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
    I tried the above - single sign on still isnt working propery - i had to revert it back to forms authentication since when i enabled windows - it kept prompting for credentials sometimes and sometimes would get in via single signon. I also noticed that templates werent loading at all when windows authentication was enabled.  It was working perfectly prior to upgrading to 7.4, Please help
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    Answer ✓
    I tried the above - single sign on still isnt working propery - i had to revert it back to forms authentication since when i enabled windows - it kept prompting for credentials sometimes and sometimes would get in via single signon. I also noticed that templates werent loading at all when windows authentication was enabled.  It was working perfectly prior to upgrading to 7.4, Please help
    Hi Suruchi

    Id recommend checking the below:

    - Re-enter the Application Pool Identity credentials, in IIS got to Application Pool -> Advanced Settings -> Identity credentials

    - Ensure that the only Authentication that is enabled is Windows Authentication and Anonymous  - using IIS select the website then Authentication to view what is enabled.

    - In IIS select the website and Authentication then click on Windows Authentication on the right-hand side select Advanced Settings - be sure that the checkbox is checked for Enable Kernal Mode Authentication

    - In IIS select the website and Authentication then click on Windows Authentication on the right-hand side select Providers, move NTLM before negotiate and restart the website.


    If this is still an issue after the above then lets raise as a support ticket so someone can troubleshoot this issue further.

  • Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
    Thanks Joe, what did the trick for me were - move NTLM before negotiate and setting the managementserver config in the web.config file to localhost. This is now resolved!
This discussion has been closed.