Implementing Single Sign On (SSO) with SharePoint Portal Server


Microsoft SharePoint Portal Server 2003 enables enterprises to develop an intelligent portal that seamlessly connects users, teams, and knowledge so that people can take advantage of relevant information across business processes to help them work more efficiently. Microsoft Windows SharePoint Services and SharePoint Portal Server 2003 have become very popular in recent years and have helped many businesses create an infrastructure for sharing and collaborating internal information.

Intranet users are commonly required to use a separate password to authenticate themselves to each server they need to access in the course of their work. Multiple passwords are an ongoing headache for both users and system administrators. Users have difficulty keeping track of different passwords, tend to choose poor ones, and then write them down in obvious places. Administrators must keep track of a separate password database on each server and deal with potential security problems related to the fact that passwords are sent over the network routinely and frequently.

Single sign-on (SSO) is a mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems that he or she has access permissions for, without the need to enter multiple passwords.

In large enterprises, it is a very challenging task to authenticate users against SharePoint Portal with the existing single sign-on solutions. For example, one company might use the Netegrity single sign-on solution to authenticate users of its different applications, such as HR, Intranet, and Employee Self Service. That same user base also wants to use SharePoint Portal solutions.

This article examines how to integrate third-party single sign-on solutions such as Netegrity SiteMinder with Windows SharePoint Portal 2003 using web page authentication. It explains how to protect SharePoint sites with third-party SSO and use the same credentials to log in to SharePoint Portal Server.

Read full article on TheServerSide

Read full article on TechNet


Comments (17)

  1. Crucitti Federico says:

    Hello,

    I’m a college student instructed to install SPS here in school in cooperation with Microsoft. I get a serious error regarding SSO on the server (Windows 2003 Server). Logged in as admin and opened the page "Sharepoint Portal Server Single Sign-on Administration" I get the following message: "Single Sign-on cannot be configured from this server. To configure Single Sign-on, go to the computer running as the job server and specify these settings locally."

    I’m currently logged on the server where Sharepoint is installed. On the server the SSO is started successfully.

    On top of that, nobody seems to have ever had the same error. So nobody has given me an answer or even a hint so far. I hope someone here can give me an answer. I would be most grateful.

    Thanks.

    Kind regards,

    Federico Crucitti

    (e-mail: fedo_5656@hotmail.com)

  2. Roberdan says:

    Check connection with SPS & AD (firewall etc)

  3. Mike says:

    You cannot set up the single sign on database after SP1 is installed. We did a clean sweep of the server and installed Portal, then set up SSO, then installed SP1. Works like a charm.

  4. Michela says:

    An error appears when I try to Manage Server Settings for Single Sign-On. The error is: "A Single Sign-on error has occurred. Please contact an administrator. Details: Could not find domain controller for this domain." What can I do to solve it?! Thank you!

  5. Veeraj says:

    Check if the following conditions are true:

    1. Start Single Sign On service.

    2. The SSO service account must have Security Administrator and Database Creator permission on SQL server.

    3. This User account must have DBO permission on Configuration Database.

    4. We have to login to the server using Sharepoint Administrator account.

    5. Go to Sharepoint Central Administration and configure Single Sign On service.

    6. Specify the same user account, DB server name and Database name.

    7. If any database is offline, bring it to online or delete it.

    8. If any database is detached from the database, remove it and attach and bring the database online.

    Veeraj arasa

    -Microsoft
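
Items 2, 3, 7 and 8 of the checklist above can be verified from a query window before retrying the SSO configuration. The T-SQL below is an added example, not part of the comment or of any Microsoft tooling; it assumes SQL Server 2005 or later, and the login name and configuration database name are placeholders to replace.

```sql
-- Added example: verify the SQL-side preconditions for the SSO service account.
-- Both values below are constructed placeholders; replace them before running.
DECLARE @sso_login sysname;
DECLARE @config_db sysname;
SET @sso_login = N'CONTOSO\svc-sso';     -- hypothetical SSO service account
SET @config_db = N'SharePoint_Config';   -- hypothetical configuration database name

-- Item 2: fixed server roles held by the account.
-- IS_SRVROLEMEMBER returns 1 (member), 0 (not a member) or NULL (invalid login or role).
SELECT @sso_login                                    AS login_name,
       IS_SRVROLEMEMBER('securityadmin', @sso_login) AS is_securityadmin,  -- expect 1
       IS_SRVROLEMEMBER('dbcreator',     @sso_login) AS is_dbcreator,      -- expect 1
       IS_SRVROLEMEMBER('sysadmin',      @sso_login) AS is_sysadmin;       -- not required by the checklist

-- Item 3: db_owner membership inside the configuration database.
-- An empty result means the login maps to no db_owner member in that database.
DECLARE @sql nvarchar(max);
SET @sql = N'USE ' + QUOTENAME(@config_db) + N';
SELECT dp.name AS db_user, r.name AS role_name
FROM sys.database_principals   AS dp
JOIN sys.database_role_members AS rm ON rm.member_principal_id = dp.principal_id
JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE r.name = N''db_owner''
  AND dp.sid = SUSER_SID(@login);';
EXEC sp_executesql @sql, N'@login sysname', @login = @sso_login;

-- Items 7 and 8: databases that are not online, plus the configuration database itself.
-- A detached database is absent from sys.databases, so a missing row for
-- @config_db means it has to be attached again before SSO can be configured.
SELECT d.name, d.state_desc, d.user_access_desc
FROM sys.databases AS d
WHERE d.state_desc <> N'ONLINE'
   OR d.name = @config_db;
```

The sysadmin column is there so that an account holding more than the two roles the checklist names is visible at a glance.
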

  6. Shakil Ahmed says:

    Thanks a lot Veeraj. I got a good result from your solution.

    Regard,

    Shakil Ahmed

    Software Engineer

    TopSchool,Inc

  7. PS says:

    How to implement SSO to access a web portal from Sharepoint 2007. i.e. the Sharepoint Web application should be configured to access a web portal from it.

  8. Dave says:

    PS – did you find a solution yet? (MOSS & Siteminder)

  9. Lester says:

    I found the following registry entries were missing. Create a .reg file, then place these in that file, save and run it to install into the registry. Once the registry was updated, I had to run the Sharepoint Products and Technologies Configuration Wizard. I was then able to get in and complete my SSO configuration for Sharepoint. Hope this helps.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.Office.Server.Administration.ApplicationRegistryService]

    "SolutionID"="{7ED6CD55-B479-4EB7-A529-E99A24C10BD3}"

    "AssemblyQualifiedName"="Microsoft.Office.Server.Administration.ApplicationRegistryService, Microsoft.SharePoint.Portal, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    "ServiceName"="ApplicationRegistryService"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.Office.Server.Administration.ApplicationRegistryService\Microsoft.Office.Server.Administration.ApplicationRegistryServiceInstance]

    "SolutionID"="{7ED6CD55-B479-4EB7-A529-E99A24C10BD3}"

    "AssemblyQualifiedName"="Microsoft.Office.Server.Administration.ApplicationRegistryServiceInstance, Microsoft.SharePoint.Portal, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    "ServiceInstanceName"="ApplicationRegistryServiceInstance"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebService]

    "AssemblyQualifiedName"="Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebService, Microsoft.Office.Server.Search, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    "ServiceName"="SearchAdminSharedWebService"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebService\Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance]

    "AssemblyQualifiedName"="Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance, Microsoft.Office.Server.Search, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    "ServiceInstanceName"="SearchAdminSharedWebServiceInstance"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.SharePoint.Portal.Administration.PortalService]

    "AssemblyQualifiedName"="Microsoft.SharePoint.Portal.Administration.PortalService, Microsoft.SharePoint.Portal, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.SharePoint.Portal.Administration.PortalService\Microsoft.SharePoint.Portal.Administration.PortalServiceInstance]

    "AssemblyQualifiedName"="Microsoft.SharePoint.Portal.Administration.PortalServiceInstance, Microsoft.SharePoint.Portal, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.SharePoint.Portal.Administration.SsoService]

    "AssemblyQualifiedName"="Microsoft.SharePoint.Portal.Administration.SsoService, Microsoft.SharePoint.Portal.SingleSignon, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    "ServiceName"="SSOSRV"

    "URL"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.SharePoint.Portal.Administration.SsoService\Microsoft.SharePoint.Portal.Administration.SsoServiceInstance]

    "AssemblyQualifiedName"="Microsoft.SharePoint.Portal.Administration.SsoServiceInstance, Microsoft.SharePoint.Portal.SingleSignon, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"

    "ServiceInstanceName"=""

    "URL"=""

  10. eportal says:

    What are the pros and cons of the Microsoft single sign-on service?

  11. Greg says:

    Can’t believe how silly I am sometimes. The error "Single sign-on cannot be configured from this server. To configure single sign-on, go to the computer running the single sign-on service and specify these settings locally." was giving me fits. Somehow I didn’t realize it means exactly what it says, you cannot access central admin from any system BUT THE SERVER RUNNING IT! If you try to access the page on your personal workstation or any system that is not the central admin server, you will get the error. Just RDP or go directly to the central admin server and it should work.

  12. Nimi Kaul says:

    I am not sure that you are correct. If your farm is directly linked to your domain, you can access the central admin site from any client machine in your domain. You do not have to remote onto your server to work on central admin. That is the case only if your server is not directly on the network that you are working.