BizTalk Server 2010: Enterprise SSO Survival Guide


Introduction

Enterprise Single Sign-On (ESSO) is an important component of BizTalk Server. ESSO is responsible for securely storing critical information, such as the secure configuration properties for the BizTalk adapters. ESSO is present on each computer where the BizTalk runtime is installed. ENTSSO is typically installed to C:\Program Files\Common Files\Enterprise Single Sign-On. This article provides the information you need on ESSO and on how to manage and troubleshoot it.

Managing Enterprise Single Sign-On

You can manage the ESSO using two command line tools:
  • SSOManage
  • SSOConfig

These tools can be found in the directory C:\Program Files\Common Files\Enterprise Single Sign-On.

SSOConfig

SSOConfig command-line commands:

 Command  Description
 -setDB  set SQL Server and SSO database names
 -showDB  show the SQL Server and SSO database names
 -createDB  create SSO database
 -upgradeDB  upgrade SSO database
 -generateSecret  generate new SSO master secret
 -backupSecret  backup current SSO master secret
 -restoreSecret  restore SSO master secret
 -auditLevel  set SSO server audit level (see below)
 -setSSL  set SSL encryption
 -replayFiles  set directory for replay files
 -syncAge  set maximum password age (for password sync)
 -remoteLookup  allow remote lookup of credentials
 -discover  discover SSO servers
 -status  display SSO server status
 -allowPS  allow password sync (from PCNS or MIIS)
 -reportFilterErrors  report password filter errors (at runtime)
 -scp  Service Connection Points (SCP)

Audit Level

There are two audit level settings – the “positive” audit level, which controls audits of things that succeed, and the “negative” audit level, which controls audits of things that fail. The possible values for the audit levels are:

  • 0 = off
  • 1 = low
  • 2 = medium
  • 3 = high
Examples:
ssoconfig -auditlevel
Reports the current audit level

ssoconfig -auditlevel 0 3
Does not report successes; reports high/verbose for failures

ssoconfig -auditlevel 1 1
Reports low for both successes and failures

SSOManage

SSOManage command-line commands:

Configuration functions

 Command  Description
 -server  set SSO server name (for current user)
 -serverall  set SSO server name (for all users)
 -showserver  show the SSO server name(s)

Administration functions

 Command Description
 -updatedb  update SSO database
 -enablesso  enable SSO
 -disablesso  disable SSO
 -tickets  control SSO ticket behavior
 -enable  enable SSO features
 -disable  disable SSO features
 -displaydb  display current SSO database settings

Application functions

 Command Description
 -listapps  list existing applications
 -displayapp  display application information
 -createapps  create new applications
 -deleteapp  delete an existing application
 -updateapps  update existing applications
 -enableapp  enable application
 -disableapp  disable application
 -purgecache  purge the credential cache for an application

Mapping functions

 Command  Description
 -listmappings  list mappings for a user
 -createmappings  create mappings for users
 -deletemappings  delete mappings for users
 -enablemapping  enable a single mapping for a user
 -disablemapping  disable a single mapping for a user
 -deletemapping  delete a single mapping for a user
 -setcredentials  set external credentials for a user

Troubleshooting

Two resources can aid you: a document on troubleshooting BizTalk Server 2010 Setup and the MSDN page Troubleshooting Enterprise Single Sign-On. For troubleshooting it is best to set both audit levels to high: ssoconfig -auditlevel 3 3

In case your problem is reproducible, set both the audit levels to high, clear the event log, wait for 1 minute or restart the ENTSSO service (to make sure the ENTSSO service picks up the new audit levels), and try the repro scenario. Take a look in the event log after the reproduction of the problem.
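
The reproduction procedure above as a PowerShell script, run from an elevated prompt. This is an added example, not part of the original article. It assumes that ENTSSO writes to the Application event log under the provider name "ENTSSO"; the output folder and parameter names are hypothetical. Instead of simply clearing the log, it backs the log up while clearing it, and it puts the audit levels back when the session ends.

```powershell
# Added example: capture ENTSSO audit events for one reproducible failure.
# Assumptions (not from the article): events land in the Application log with
# provider name "ENTSSO"; $OutDir and the parameter names are hypothetical.
param(
    # Levels to restore afterwards; read them first with: ssoconfig -auditlevel
    [Parameter(Mandatory = $true)][ValidateRange(0, 3)][int]$RestorePositive,
    [Parameter(Mandatory = $true)][ValidateRange(0, 3)][int]$RestoreNegative,
    [string]$OutDir = 'C:\Temp\entsso-trace'
)
$ErrorActionPreference = 'Stop'
$ssoconfig = Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On\ssoconfig.exe'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Keep a record of the audit level that was configured before the change.
& $ssoconfig -auditlevel | Tee-Object -FilePath (Join-Path $OutDir "auditlevel-before-$stamp.txt")

# Clear the log, but back it up in the same step: clearing alone would
# destroy whatever audit evidence the log already holds.
$backup = Join-Path $OutDir "Application-before-$stamp.evtx"
wevtutil cl Application "/bu:$backup"

try {
    & $ssoconfig -auditlevel 3 3
    # Wait one minute so the ENTSSO service picks up the new levels
    # (the article's alternative is to restart the ENTSSO service).
    Start-Sleep -Seconds 60
    $start = Get-Date
    Read-Host 'Reproduce the problem now, then press Enter' | Out-Null

    # Collect only the ENTSSO events written during the reproduction.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'ENTSSO'; StartTime = $start
    } -ErrorAction SilentlyContinue   # "no events found" is not fatal here
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Export-Csv -NoTypeInformation -Path (Join-Path $OutDir "entsso-events-$stamp.csv")
    '{0} ENTSSO event(s) captured' -f @($events).Count
}
finally {
    # High audit levels are verbose; restore the previous levels even if
    # the run is interrupted.
    & $ssoconfig -auditlevel $RestorePositive $RestoreNegative
}
```

If the script reports zero events, check in Event Viewer which source name the ENTSSO entries carry on your server and adjust ProviderName accordingly.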

See Also

Another important place to find a huge amount of BizTalk related articles is the TechNet Wiki itself. The best entry point is BizTalk Server Resources on the TechNet Wiki.
