Web SSO - v802

Can you confirm that an employee is linked to this Active Directory account? Also they will need a role

Employee is linked to AD account. Is there a specific role they need in 1IM?

Markus,

I have tried with https://<servername>/IdentityManager and that doesnt work either. Below is the complete stack trace

2018-12-11 14:57:00.0691 WARN ( WebLog qhwdiv035g1cfzjkqddnnvcs) : System.Exception: Single-sign-on failed, URL was /IdentityManager/ ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Failed to authenticate user. ---> VI.Base.ViException: The current user could not be determined.
at VI.DB.Auth.AdsAccountHelper.GetSsoIdentity(IAuthProps props)
at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetWindowsIdentity(IResolve services, IAuthProps props)
at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetPersonDataAsync(IDbSession dbSession, IResolve services, IAuthProps props, CancellationToken cancellationToken)
at VI.DB.Auth.AuthModRoleBasedBase.<AuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Auth.DbAuthenticator.<AuthenticateAsync>d__10.MoveNext()
--- End of inner exception stack trace ---
at VI.DB.Auth.DbAuthenticator.<AuthenticateAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Entities.SessionFactoryImpl.<>c__DisplayClass16_0.<<OpenAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Entities.SessionFactoryImpl.<_OpenAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Entities.SessionFactoryImpl.<OpenAsync>d__16.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at VI.Base.SyncActions.Do[T](Func`1 function)
at VI.DB.Implementation.Connection.Authenticate(IAuthProps props)
at VI.WebRuntime.UserSession.HandleLogin(IAuthPropCollector auth)
at VI.WebRuntime.UserSession.Authenticate(IAuthPropCollector auth)
at VI.WebRuntime.Communication.RequestAuthenticationModule.TrySingleSignOn(HttpContextBase context, IUserSession userSession)
--- End of inner exception stack trace --- System.Exception: Single-sign-on failed, URL was /IdentityManager/ ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Failed to authenticate user. ---> VI.Base.ViException: The current user could not be determined.
at VI.DB.Auth.AdsAccountHelper.GetSsoIdentity(IAuthProps props)
at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetWindowsIdentity(IResolve services, IAuthProps props)
at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetPersonDataAsync(IDbSession dbSession, IResolve services, IAuthProps props, CancellationToken cancellationToken)
at VI.DB.Auth.AuthModRoleBasedBase.<AuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Auth.DbAuthenticator.<AuthenticateAsync>d__10.MoveNext()
--- End of inner exception stack trace ---
at VI.DB.Auth.DbAuthenticator.<AuthenticateAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Entities.SessionFactoryImpl.<>c__DisplayClass16_0.<<OpenAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Entities.SessionFactoryImpl.<_OpenAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VI.DB.Entities.SessionFactoryImpl.<OpenAsync>d__16.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at VI.Base.SyncActions.Do[T](Func`1 function)
at VI.DB.Implementation.Connection.Authenticate(IAuthProps props)
at VI.WebRuntime.UserSession.HandleLogin(IAuthPropCollector auth)
at VI.WebRuntime.UserSession.Authenticate(IAuthPropCollector auth)
at VI.WebRuntime.Communication.RequestAuthenticationModule.TrySingleSignOn(HttpContextBase context, IUserSession userSession)
--- End of inner exception stack trace ---
2018-12-11 14:57:00.0847 INFO ( WebLog qhwdiv035g1cfzjkqddnnvcs) : Creating form VI_Session Start

Did you try to turn off basic authentication? So, only Windows Authentication is enabled.

Did you check the IIS logs to see what user is trying to access the IdentityManager URL?

Are you using a direct database connection in the web portal or an Application Server connection?

Turning off basic auth did not help. We are going through the appserver not directly to the DB. Is there a way to remove configured appserver in webportal (other than uninstalling appserver) to try if SSO works without going through appserver?

WebDesigner.ConfigFileEditor is the place to change this see screen shot below:

I can change it to a different appserver but cant have no app server using WebDesigner.ConfigFileEditor. Am i missing something?

Are you clicking on Enter new connection under the Connection section? It sounds like your trying to update the Search service.

Even from enter new connection when i click on APpServer it's asking me to put a URL. If i have a null value, it's not getting updated

We would like you to use a SQL connection instead of using Application Server. Please choose SQL Server and complete the connection details. Once completed please test to see if the site now works with SSO

Updated SQL connection info and tried...did not work. Unisntalled app server and tried with https://<servername>/IdentityManager.

No luck. Let me know if i need to raise an SR for this

Is the server a domain member? 

Did you check the IIS log (not the one from the Web Portal) to check if the request contains Windows credentials?

Is the server a domain member? 

Did you check the IIS log (not the one from the Web Portal) to check if the request contains Windows credentials?

The server is a member of the domain. I dont see the users credentials in the IIS log

There you have it. If the IIS is unable to detect the username accessing it, OneIM cannot use this information as well.

Did you try to access the portal using a non-MS browser like Chrome or Firefox? Does it ask you for Windows credentials (assuming you haven't configured these browsers to use integrated auth explicitly)?