JOSSO

SSO does not work for applications running as different user (RunAs)

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Work as Designed
  • Affects Version/s: JOSSO 1.8.1
  • Fix Version/s: None
  • Description:
    JOSSO's Single Sign On functions do not work when running applications under a different user, i.e. using the "RunAs" command.

    I've tested partnerapp sample with NTLM calling from a Browser (IE6 or Firefox) started by "RunAs", e.g.
        runas.exe /user:<domain>\<user> /netonly "iexplore.exe \"http://localhost:8080/partnerapp\""

    After providing the credentials the browser starts and opens the partnerapp.
    SSO works when using RunAs with the current logged on user.
    It does not when using a different user.

    I didn't find any hints whether RunAs is configurable or supported.
  • Environment:
    Windows XP SP3

Activity

Gianluca Brigandi added a comment - 22/Oct/09 4:43 PM
NTLM support hasn't been tested in this specific setting.

Does a non-JOSSO backed NTLM authentication work?

Please attach gateway and jcifs logs in debug mode corresponding to a failed NTLM session (e.g. runas user different from the currently logged user).

The jcifs (NTLM stack) log level can be increased by including within the $CATALINA_HOME/setenv.sh script the following:
"-Djcifs.util.loglevel=10". The output should be emitted onto the catalina.out file.

Martin Buch added a comment - 23/Oct/09 3:38 PM
I think I've found the problem. I configured a wrong domain controller with NTLM.
It must be the domain controller that is responsible for the domain used with the RunAs command.

Sorry for the false alarm, you can close the issue.

Dates

  • Created: 22/Oct/09 3:10 PM
  • Updated: 22/Dec/09 8:56 PM
  • Resolved: 24/Oct/09 3:42 PM