Many people are having doubts and reaching out to me for explanations on how to configure the SSO Application Configuration tool that I recently published and, consequently, they are facing some problems/issues using the tool. So, I decided to write this post to properly document the tool and explain how you can easily start using it.
Where can I use this SSO Application Configuration tool?
The first thing that you need to be aware of is that I released 3 different versions of this tool:
- BizTalk Server SSO Application Configuration Tool for BizTalk Server 2016
- BizTalk Server SSO Application Configuration Tool for BizTalk Server 2013 R2
- BizTalk Server SSO Application Configuration Tool for BizTalk Server 2013
The reason is that each version of BizTalk Server uses a particular version of Microsoft.EnterpriseSingleSignOn.Interop.dll; for example, BizTalk Server 2016 uses version 10.0.1000.0. So, each version of the tool will only work properly with that specific BizTalk Server version.
If you want to use the tool for example in BizTalk Server 2010, then you need to use Assembly Binding Redirection in the machine configuration file (Machine.config):
- 32-bit: c:\Windows\Microsoft.NET\Framework\[version]\config\machine.config
- 64-bit: c:\Windows\Microsoft.NET\Framework64\[version]\config\machine.config
Check for more information here.
What do I need to do to start using the SSO Application Configuration tool?
When you download the SSO Application Configuration tool, by default it will not work in your environment because it has my personal configurations for my LAB machine.
To properly use this tool, you first need to configure your environment settings:
- Execute the SSO Application Configuration tool;
- Select the “Settings” option from the top menu;
- This will pop up the “SSO Application Configuration Setting” window, where you need to configure:
  - AppAdminAcct: SSO Administrator Group – Administrators of the Enterprise Single Sign-On (SSO) service.
    - This is used to define the accounts that have access to use this tool
  - ContactInfo: Internal field, normally in the format of an email, that is used internally in SSO tables for Application Configurations.
  - AppUserAcct: SSO Affiliate Administrators Group – Administrators of certain SSO affiliate applications.
    - This is used to describe the accounts that can access the configurations
The “AppAdminAcct” and “AppUserAcct” fields are easy to understand: they need to be the BizTalk groups that you have created in your environment. Nevertheless, with this tool it is not mandatory that “AppUserAcct” be the “SSO Affiliate Administrators Group”; you can, for example, change it to “BizTalk Application Users”.
However, the “ContactInfo” may raise some doubts. To demystify this value here are the rules for its definition:
- If you don’t have any application configuration created in your environment: this field can be any value, normally defined in a kind of “email format”, for example, “BizTalkAdmin@Sandro Pereira.com”.
- If you already have application configurations created in your environment (by another SSO application or by the MSFT SSO Application Configuration snap-in): you need to use the value that is already defined in your system.
I already have application configuration created in my environment, so, how can I properly configure the “ContactInfo” property?
The SSO Application Configuration tool is fully compatible with the MSFT SSO Application Configuration snap-in. But to further clarify this field, let me explain how the MSFT snap-in works:
- When you install the MSFT SSO Application Configuration snap-in, the installation process will ask you for a company name; I set mine as “Sandro Pereira”.
- Once you open the MSFT SSO Application Configuration snap-in, you will see that the tool uses the company name that you defined in the installation process + “SSO Application Configuration” as the Application tree root.
- Also, “behind the scenes”, all the applications that you create will use “BizTalkAdmin@” + company name + “.com” as the contact info; mine is “BizTalkAdmin@Sandro Pereira.com”.
- You can validate this value in the BizTalk SSO Database, in the table “SSOX_ApplicationInfo”, using the following SQL query:

    USE [SSODB]
    GO
    SELECT DISTINCT [ai_contact_info]
    FROM [SSODB].[dbo].[SSOX_ApplicationInfo]

- The result you get will be something like this:
- someone@companyname.com and someone@microsoft.com are used internally by BizTalk (at least the last one); please do not use these values or change them.
So, to make my tool compatible with the MSFT tool, you need to go to “Settings” and set the contact info property to that specific value, again in my case: “BizTalkAdmin@Sandro Pereira.com”.
Note: Additionally, you can define and use different contact info values for different contexts/teams, so that each of them has access only to a subset of all your Application Configurations. This is something that the MSFT tool will not allow you to do.
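A read-only audit that extends the query above, added here as an example and not part of the original post or the tool: it shows each contact info value together with the admin and user groups attached to it, so you can pick the values for “Settings” and review who can access the stored configurations. Only [ai_contact_info] appears on this page; [ai_app_name], [ai_admin_group_name] and [ai_user_group_name] are assumed column names that you should confirm against your SSODB before running.

```sql
-- Added example: read-only audit of SSODB application metadata.
-- Only [ai_contact_info] is named on this page; [ai_app_name],
-- [ai_admin_group_name] and [ai_user_group_name] are assumed
-- column names. Confirm them in your SSODB first.
USE [SSODB]
GO

-- 1) One row per contact info / group combination: shows which
--    ContactInfo value is in use and which Windows groups
--    administer and access the applications stored under it.
SELECT
    [ai_contact_info],
    [ai_admin_group_name],
    [ai_user_group_name],
    COUNT(*) AS [application_count]
FROM [dbo].[SSOX_ApplicationInfo]
WHERE [ai_contact_info] NOT IN (N'someone@companyname.com',
                                N'someone@microsoft.com') -- internal values, leave untouched
GROUP BY [ai_contact_info], [ai_admin_group_name], [ai_user_group_name]
ORDER BY [ai_contact_info], [application_count] DESC;

-- 2) Applications whose contact info / group combination is used
--    by no other application: outliers worth reviewing for who can
--    access their stored values.
SELECT a.[ai_app_name],
       a.[ai_contact_info],
       a.[ai_admin_group_name],
       a.[ai_user_group_name]
FROM [dbo].[SSOX_ApplicationInfo] AS a
JOIN (
    SELECT [ai_contact_info], [ai_admin_group_name], [ai_user_group_name]
    FROM [dbo].[SSOX_ApplicationInfo]
    GROUP BY [ai_contact_info], [ai_admin_group_name], [ai_user_group_name]
    HAVING COUNT(*) = 1
) AS odd
  ON  odd.[ai_contact_info]     = a.[ai_contact_info]
  AND odd.[ai_admin_group_name] = a.[ai_admin_group_name]
  AND odd.[ai_user_group_name]  = a.[ai_user_group_name]
WHERE a.[ai_contact_info] NOT IN (N'someone@companyname.com',
                                  N'someone@microsoft.com')
ORDER BY a.[ai_contact_info], a.[ai_app_name];
```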
Hi Sandro,
Thank you for sharing this amazing tool.
I would like to store config’s credentials by using command prompt.
I created the affiliate application type ConfigStore. But I faced the issue when entering the credentials (-setcredentials command), error detail is: ERROR: 0x80070057 : The parameter is incorrect.
Do you have any idea on this?
Thanks,
Quy HO