Question

SSO and Azure AD authentication

  • 20 November 2020


Hi

We are trying to set up Single Sign-On (SSO) on an environment that is authenticating against Azure AD.

Azure AD authentication is working fine, but when we try to set up SSO (check box “Use Single Sign-On” on the login dialog) according to the steps in the IFS online documentation, we get an error message.


  1. Launch the IFS Enterprise Explorer client using the IFS Applications landing page. While the application is opening, keep pressing the "Shift" key. The following dialog will appear.
  2. Tick the tick box "Use Single Sign-On" and press OK.
  3. User's corporate email address will be used as the login hint and user will be seamlessly logged in to IFS Enterprise Explorer. No login dialog to enter user id or password will appear.

Error is:

Ifs.Fnd.FndSystemException: Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'.

   at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)

   at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current()

   at Ifs.Fnd.AccessProvider.FndConnection.set_AutoLogon(Boolean value)

   at Ifs.Fnd.AccessProvider.Interactive.FndLoginDialog.AuthenticateCredentials(FndLoginCredentials loginCreds)

Does anyone know how that can be fixed?

Neno Solaja



Hi Neno,


Did you get your issue solved?

Perhaps the following link might be helpful to figure it out.
https://forums.asp.net/t/2155371.aspx?Unable+to+cast+object+of+type+System+DirectoryServices+AccountManagement+GroupPrinicpal+to+type+System+DirectoryServices+AccountManagement+UserPrincipal

Best regards,

/Mino

Thanks for the answer. Since the error comes from the IFS login dialog, we cannot change it as suggested in the link, but we created a case in LCS for that problem.

It seems that the SSO functionality requires that the workstation is joined to Active Directory to work. We assumed that the user just needs to log in to Azure AD.


Hi @NZCNESOSE,
I guess this is the 1st login attempt after you have set up SSO? Hence it's likely that there may have been an issue or difference in setting up SSO as per the guidelines. Have you followed it directly as per: Achieving Single Sign-On behaviour in IFS Technical Documentation?
Best Regards,
Yasas


There are not many steps in the guideline for Azure AD SSO for IFS Enterprise Explorer (just check “Use Single Sign-On”). Azure AD authentication is already set and works fine; it’s just SSO on computers that are not joined to the local Active Domain that is the problem.


Hi @NZCNESOSE,
Could you also check as per KBA: What are the prerequisite checks that should be noted regarding SSO Authentication?
Best Regards,
Yasas


This KBA is about ADFS - we are using Azure AD.


@NZCNESOSE

There are multiple pages in the IFS technical documentation about setting up Azure AD. If you haven’t followed those (prerequisites and setup process) then this will never work properly for all conditions.  

If you try to log in on a PC not connected to your domain, without the “Use SSO” checkbox checked, can you select an AD account and successfully connect? i.e. not seamless but with no need to enter credentials each time?

Even simpler - can you access IFS directly from a non-domain connected PC?  To do so I assume that you have published IFS externally to the internet.


Hi

Azure AD authentication works. Users get the “login page” and can select (or enter) an Azure AD account and log in normally without entering a password.

The problem is just “Use SSO”, which on some PC configurations does not work.

Neno
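
The posts above narrow the failure to some PC configurations and to the `UserPrincipal.get_Current()` frame in the stack trace. The PowerShell diagnostic below is an added example, not part of the thread and not IFS code: it records a workstation's join state and whether that same .NET call succeeds, so a working and a failing PC can be compared. The function names `Get-JoinState` and `Test-CurrentUserPrincipal` are made up for this example, and it assumes Windows PowerShell 5.1 on Windows 10 or later.

```powershell
# Added diagnostic, not IFS code. Run as the affected user on the workstation.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-JoinState {
    # Parse "Name : VALUE" lines from dsregcmd /status (Windows 10 and later).
    $state = [ordered]@{ AzureAdJoined = 'unknown'; DomainJoined = 'unknown' }
    if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
        foreach ($line in (& dsregcmd.exe /status)) {
            if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
                $state[$Matches[1]] = $Matches[2]
            }
        }
    }
    # Cross-check on-premises AD membership through WMI.
    $state['PartOfDomain'] = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    return [pscustomobject]$state
}

function Test-CurrentUserPrincipal {
    # Same framework call as the UserPrincipal.get_Current() frame in the trace.
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current
        [pscustomobject]@{
            Resolved = $true
            Context  = [string]$user.ContextType
            Upn      = $user.UserPrincipalName
            Error    = $null
        }
    } catch {
        # PowerShell wraps exceptions thrown by property getters; report the root cause.
        $root = $_.Exception.GetBaseException()
        [pscustomobject]@{
            Resolved = $false
            Context  = $null
            Upn      = $null
            Error    = '{0}: {1}' -f $root.GetType().FullName, $root.Message
        }
    }
}

# One JSON record per workstation, suitable for attaching to a support case.
[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    Account   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    JoinState = Get-JoinState
    Principal = Test-CurrentUserPrincipal
} | ConvertTo-Json -Depth 3
```

If `Principal.Error` on a failing PC shows the same cast exception as the trace, the failure is reproducible outside the IFS client and can be correlated with the `JoinState` values.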