CA Service Management

Hi, I followed this documentss for configure SSO in Service Desk 14.1

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec602366.html

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec602279.html

https://www.iis.net/configreference/system.webserver/security/authentication/windowsauthentication

I have the next arquitecture

CA Service Desk was installed in a machine under xxxx domain, and my clients are under yyyy domain and they can access to Service Desk using a VPN (site to site)

My steps:

1. Enable Allow external authentication

2. enable Windows authentication

3. EEM using LDAP for yyyy Domain (Clients)

4. Testing from client yyyy Domain

The fact of the machine of Service Desk is in different domain is the problem?

Thanks!!

Hi Walter,

How do you have SSO configured in SDM? Are you doing it via IIS Pass-Thru authentication?

If you are using EEM for Authentication for SDM, then IIS Pass Thru isn't going to work.  The prompt you are getting appears to be coming from IIS to ask for credentials, but IIS is only going to go to the local domain for which that server belongs to, and not the other domain where the users are.   Generally if you want to use SSO with EEM, you would have to use something like SiteMinder.

Thanks,

Jon I.

Hi,

You can't use AD windows authentication of IIS  for foreign domain.This will never work if you are not in the same forest.(and this is a good think!)

You will need to use ADFS or others tools/ technics like reverse proxy /SAML and/or site minder from CA to archive that.

Only Site Minder configuration will be supported by CA for this type of SSO.

Hope this help

/J