EntSSO Project

  • Question

  • With multiple passwords being required at my location, I am setting up an EntSSO test environment using BizTalk.

    There is some confusion on my end about what EntSSO can bring to a production environment.

    I understand that there are domain and multiple-domain options for EntSSO.

    The purpose for me using an SSO service is that users can log in to various web applications such as Gmail, Hotmail, and other similar web applications.  Prior to beginning our development I would like to know if this is possible or if the web applications must be within our enterprise.


     
    Friday, November 15, 2013 2:56 PM

Answers

  • The EntSSO (despite the name) is not for the purposes of client access. The purpose of the EntSSO is to provide a secure place for storage of credentials that might be required to access other applications/services during integration. While EntSSO also provides Web-based SSO, it is for use through the various adapters included and/or built using the BizTalk Adapter Frameworks. It is a service that CANNOT be utilised by multiple desktops in an enterprise to permit users to store multiple credentials (which, if I understand your post, is your intent). So for the purposes of EAI/SOA, if it is required that multiple applications be accessed with credentials different from those of the BizTalk Host Instance running the send handler, EntSSO provides a mechanism to retrieve the credentials (based on Affiliate Applications) to be used during communication with the said applications.

    What you're looking for is something like a wallet which will permit a user to store multiple credentials on the client. Microsoft has/had a product called CardSpace which works on the Win 7 clients to provide a common repository for multiple web clients/sites (including live.com for Hotmail, etc.). There are other components such as ADFS (Active Directory Federation Services).

    Regards.

    Saturday, November 16, 2013 5:56 AM

All replies

  • Yes, a major feature of SSO is the secure credential store.  That's its primary use in BizTalk.

    But, using it for users to connect to Hotmail seems like a stretch.  Since IE has no support for SSO, you'd have to develop some sort of wrapper/plugin to interact with SSO to retrieve the credentials.

    Every SSO scenario I've seen is on the server side where the user logs in to an app once, then that app uses the user's SSO mappings to connect to other apps behind the scenes.

    Friday, November 15, 2013 4:04 PM
    Moderator
  • Last post made this topic resolved.
    Monday, November 18, 2013 2:22 PM
  • EntSSO is used by BizTalk server infrastructure internally to store any sensitive data. This contains chiefly the adapter-specific part of any send port/receive location configuration for clients.

    http://www.athenainfotech.co.uk/free-biztalk-health-check


    • Edited by Olivia Jones Wednesday, November 27, 2013 9:33 AM To modify content
    Wednesday, November 27, 2013 9:24 AM