Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

How to Create Affiliate Applications for Host Initiated SSO

You can define two types of applications:

  • Individual There is a 1 to 1 relationship between Windows users and non-Windows users.

  • Host Group Multiple non-Windows users can be mapped to the same Windows account.

To create an affiliate application using the MMC Snap-In

  1. On the Start menu, click All Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.

  2. In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.

  3. Right-click Affiliate Applications, and then click New to open the Create New Affiliate Application Wizard.

  4. Use the wizard to select the properties of your affiliate application.

To create an individual type affiliate application using the command line

  1. On the Start menu, click Run.

  2. In the Run dialog box, type cmd, and then click OK.

  3. At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  4. Type ssomanage –createapps <AffApp.xml>, where AffApp.xml is the name of the xml file.

    noteNote
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

    A sample file is shown below:

    <?xml version="1.0"?>
    <SSO>
      <application name="SSOApp_Host1">
        <description>An Individual Type Affiliate Application for Host Initiated SSO</description>
        <contact>someone@companyname.com</contact>
        <appUserAccount>DomainName\AppUserGroup_HISSO</appUserAccount>
        <appAdminAccount>DomainName\AppAdminGroup_HISSO</appAdminAccount>
        <field ordinal="0" label="User ID" masked="no" />
        <field ordinal="1" label="Password" masked="yes" />
        <flags windowsInitiatedSSO="no" enableApp="yes" />
      </application>
    </SSO>
    
    

To create a host group type affiliate application using the command line

  1. On the Start menu, click Run.

  2. In the Run dialog box, type cmd, and then click OK.

  3. At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  4. Type ssomanage –createapps <AffApp.xml>, where AffApp.xml is the name of the xml file.

    noteNote
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

    A sample file is shown below:

    <?xml version="1.0"?>
    <SSO>
      <application name="SSOApp_HostGroupApp1">
        <description>A Group Type Affiliate Application for Host Initiated SSO associating multiple non-Windows user to a single Windows user account(DomainName\WindowsUserAccount1)</description>
        <contact>someone@companyname.com</contact>
        <windowsAccount>DomainName\WindowsUserAccount1</windowsAccount>
        <appAdminAccount>DomainName\AppAdminGroup_HISSO</appAdminAccount>
        <field ordinal="0" label="User ID" masked="no" />
        <field ordinal="1" label="Password" masked="yes" />
        <flags  enableApp="yes" />
      </application>
    </SSO>
    
    

To create an affiliate application supporting both Windows initiated SSO and host initiated SSO using the command line

  1. On the Start menu, click Run.

  2. In the Run dialog box, type cmd, and then click OK.

  3. At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  4. Type ssomanage –createapps <AffApp.xml>, where AffApp.xml is the name of the xml file.

    noteNote
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

    A sample file is shown below:

    <?xml version="1.0" ?> 
    - <SSO>
    - <application name="SSOApp1">
      <description>An Individual Type Affiliate Application for both Host Initiated SSO and Windows Initiated SSO</description> 
      <contact>someone@companyname.com</contact> 
      <appUserAccount>DomainName\AppUserGroup</appUserAccount> 
      <appAdminAccount>DomainName\AppAdminGroup</appAdminAccount> 
      <field ordinal="0" label="User ID" masked="no" /> 
      <field ordinal="1" label="Password" masked="yes" /> 
      <flags  enableApp="yes" /> 
      </application>
      </SSO>
    
    

See Also

Other Resources

Host Initiated SSO

  © 2009 Microsoft Corporation. All rights reserved.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.