That can’t possibly be my problem – I’m not using SSO


I’ve had this conversation in email with a few people so I thought I’d have it with everyone.  Even if you don’t use the SSO functions provided in BizTalk Server your BizTalk Server is still using SSO. Ok, so that sounds a little counter-intuitive but here’s why it isn’t:

The SSO functions encrypt important information (like usernames and passwords) securely in the SSO database.  It turns out this storing of information securely in an encrypted database is useful for lots of things that shouldn’t be in plain text in the database.  Indeed BizTalk Server persists the adapter configuration information into the SSO database so that the URI you are receiving from or posting to is not persisted in plain-text in the open.  Hence the Explorer object model (and therefore the BizTalk Explorer tool) is going against the SSO service and database to receive information.  As a result if SSO isn’t running, or if it isn’t “properly setup” you will get SSO errors eventhough you aren’t using SSO at the user level – because we are.

Hopefully that clears it up for everyone.


Comments (2)

  1. Many thanks for clarifying this for us Scott!

    However, for installations and development environments that do not use SSO, this really seems like overkill to have a whole DB and OS service just to store a few encrypted strings. This adds to the installation complexity, and to the operations maintenance and monitoring needs.

    I’d love to see non-SSO-related data moved to the BizTalkMgmtDB in the next update of the product. This data could still be encrypted, perhaps with a Triple-DES key stored in a secure area of the registry.

    BTS 2004 is an amazing product, but my clients and colleagues are finding it very complex to install, understand, deploy, and to manage. This SSO DB and service issue is typical of many areas in which the product can be simplified.

  2. Perhaps SSO should not be presented as an install option but simply installed quietly. This tripped me up as I checked it off buit later got confused when the config framework wizard still asked me questions about SSO.