Skip to main content
Question

SSO and Azure AD authentication

  • November 20, 2020
  • 8 replies
  • 1411 views
N
Sidekick (Partner)
Forum|alt.badge.img+8

Hi

 

we are trying to set up Single Sign On SSO on environment that is authenticating against Azure AD.

Azure AD authentication is working fine but when we try to set up SSO (check box “Use Single Sign-On” on login dialog) according to steps in IFS Online documentation we get error message.

aadsso2

  1. Launch the IFS Enterpris Explorer client using the IFS Applications landing page. While the application is opeing keep pressing the "Shift"  key. The following dialog will appear.
  2. Tick the tick box "Use Single Sign-On" and press OK.
  3. User's corporate email address will be used as the login hint and user will be seemlessly logged in to IFS Enterprise Exlporer. No login dialog to enter user id or password will appear.

 

Error is:

 

Ifs.Fnd.FndSystemException: Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'.

   at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)

   at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current()

   at Ifs.Fnd.AccessProvider.FndConnection.set_AutoLogon(Boolean value)

   at Ifs.Fnd.AccessProvider.Interactive.FndLoginDialog.AuthenticateCredentials(FndLoginCredentials loginCreds)

 

Does anyone know how that can be fixed?

 

Neno Solaja

    This topic has been closed for comments

    8 replies

    Minoshini Fonseka
    Superhero (Employee)
    Forum|alt.badge.img+19

    Hi Neno,


    Did you get your issue solved..

    Perhaps, following link might be helpful to figure out.
    https://forums.asp.net/t/2155371.aspx?Unable+to+cast+object+of+type+System+DirectoryServices+AccountManagement+GroupPrinicpal+to+type+System+DirectoryServices+AccountManagement+UserPrincipal

     

    Best regards,

    /Mino

    /Mino
    N
    Sidekick (Partner)
    Forum|alt.badge.img+8
    • NZCNESOSE
    • Author
    • Sidekick (Partner)
    • 26 replies
    • January 20, 2021

    Thanks for answer, since error comes from IFS Login dialog we cannot change it as suggested in the link but we created a case in LCS for that problem.

    It seems that SSO functionality requires that workstation is joined to active directory to work. We assumed that user just need to log in to Azure AD.

     

    Yasas Kasthuriarachchi
    Superhero (Employee)
    Forum|alt.badge.img+30

    Hi @NZCNESOSE,
    I guess this is the 1st login attempt after your have setup SSO ? hence its likely that there may have been a issue or difference in setting up SSO as per guidelines. Have you followed directly as per : Achieving Single Sign-On behaviour  in IFS Technical Documentation ?
    Best Regards,
    Yasas

    N
    Sidekick (Partner)
    Forum|alt.badge.img+8
    • NZCNESOSE
    • Author
    • Sidekick (Partner)
    • 26 replies
    • January 20, 2021

    There is not many steps in guideline for Azure AD SSO for IFS Enterprise Explorer (just check “Use Single Sign-On”).  Azure AD authentication is already set and works fine, it’s just SSO on computers that are not joined local Active Domain that are problem.

     

     

    Yasas Kasthuriarachchi
    Superhero (Employee)
    Forum|alt.badge.img+30

    Hi @NZCNESOSE,
    Could you also check as per KBA : What are the prerequisite checks that should be noted regarding SSO Authentication ? 
    Best Regards<
    Yasas

    N
    Sidekick (Partner)
    Forum|alt.badge.img+8
    • NZCNESOSE
    • Author
    • Sidekick (Partner)
    • 26 replies
    • February 15, 2021

    This KBA is about ADFS - we  are using Azure AD.

    NickPorter
    Superhero (Customer)
    Forum|alt.badge.img+18
    • NickPorter
    • Superhero (Customer)
    • 324 replies
    • February 17, 2021

    @NZCNESOSE

    There are multiple pages in the IFS technical documentation about setting up Azure AD. If you haven’t followed those (prerequisites and setup process) then this will never work properly for all conditions.  

    If you try to log in on a PC not connection to your domain, without the “Use SSO” checkbox checked, can you select an AD account and successfully connect?  i.e. not seamless but with no need to enter credentials each time?

    Even simpler - can you access IFS directly from a non-domain connected PC?  To do so I assume that you have published IFS externally to the internet.

    Yasas Kasthuriarachchi
    1 person likes this
    • Yasas Kasthuriarachchi
      Yasas Kasthuriarachchi
    N
    Sidekick (Partner)
    Forum|alt.badge.img+8
    • NZCNESOSE
    • Author
    • Sidekick (Partner)
    • 26 replies
    • February 18, 2021

    Hi

    Azure AD authentication works. Users gets “login page” and can select (or enter) Azure AD account and log in normally without entering password.

    The problem is just “Use SSO” that on some PC configurations does not works.

     

    Neno

    AVNELBEBR
    1 person likes this
    • AVNELBEBR
      AVNELBEBR
    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings