Monday, 15 August 2011

Use single-signon with FTP, SAP and other username/password

There are some of the adapters that doesn't support single-sign on with you domain users that are assigned to you BizTalk Host Instans. This is an issue in BizTalk when you come to deployment and where you don't want your password for a FTP site to be listed in your binding files.

When you configure your FTP Send Port in Biztalk there is an option to select the  SSO Affiliate, which lists your SSO  Affiliate applications from Enterprise Single Sign-On. This is a part of what is needed.

The first thing you need is to have a promoted property on your message called "SSOTicket" and this have to have a specifict value. I do this in a pipeline component, but I thing you also can do this in an Orchestration. The code is as follows:


        public Microsoft.BizTalk.Message.Interop.IBaseMessage Execute(Microsoft.BizTalk.Component.Interop.IPipelineContext pc, Microsoft.BizTalk.Message.Interop.IBaseMessage inmsg)
        {
            ISSOTicket ssoTicket = new ISSOTicket();
            inmsg.Context.Write("SSOTicket", "http://schemas.microsoft.com/BizTalk/2003/system-properties", ssoTicket.IssueTicket(0));
            return inmsg;
        }

Create a send pipeline that uses this pipeline component in the Encode phase.

Set the "Allow Tickets" to yes on the system:


Then you need to create an affiliate application in Enterprise Single Sign-On:


Give it a nice name and remember to check the check boxes:
Use the Biztalk Group that has the host instanse as Application users
Check "Ticket Allowed" and then finish the Wizard.
Click new mapping on the new application you just have created. Check the "Credentials as Windows credentials"
The Window user is the user used by the Biztalk Host Instanse and the External user is your FTP/SAP/Other user

 Type in the password for your external user
Now on your FTP Send port you select the new SSO affiliate application.
This should be it. You now have single sign-on on your FTP sites and you can use your Enterprise Single Sign-on to manage your mappings between domain accounts and external accounts.

Sample code at http://code.msdn.microsoft.com/Use-single-signon-with-FTP-b6414ce8

Random posts: