SecureLogin will not login to MS Office 365 Online

  • 7025111
  • 20-May-2021
  • 28-Jun-2021

Environment

NetIQ SecureLogin
NSL 8.8

Situation

Unable to configure single sign on to Microsoft Office 365 Online
Can't sso enable MS Office Online

Resolution

Follow the instructions in section 2.7.7 of the SecureLogin 8.8 Installation Guide,  "Configuring HTML Basic Authentication for SecureLogin Using Single Sign-on Assistant."   See:  

Steps:
  1.  Add a new Application definition, selecting  Generic Type
  2.  In Name, specify   CredentialSelection 
  3.  Click OK.
  4. Navigate to Applications > Generic > CredentialSelection.
  5. Specify your application definitions in "Definition."   The following sample application definition worked for one customer:.
If "adfs.something.com" -in ?domain
   Set ?Credential "-SYSCREDENTIAL"
EndIf


Additional Information


NOTE 1:
The Office Online authentication window comes and goes quickly. 

 The DebugPrint command along with Debug View can be used to make sure SecureLogin is acting on the login dialog.
1. Download Debug View (by sysinternals) from the Microsoft download page
2. Extract and run Debug View.  It will show lines from your script that include DebugPrint
3. Add DebugPrint commands to your script.  For example, as follows:  
DebugPrint "start"
If "adfs.something.com" -in ?domain
DebugPrint "found adfs"
   Set ?Credential "-SYSCREDENTIAL"
DebugPrint "credentials entered"
EndIf
DebugPrint "end"

The text in quotations will appear in Debug View as each line of the script is acted upon, thus showing you which lines were executed.  There is an option to clear the Debug View log in the "edit" menu.

NOTE 2:
In the example above the problem was solved by using SYSCREDENTIAL, the credentials used for logging into the network.  Other credential sets can also be used such as the credentials from another SecureLogin enabled application.  

To find the value to use for the ?Set Credential command, open the "Manage Logins" utility from the system tray, and select "My Logins."  The left hand column of each login shows the user friendly label, and the right hand column shows the credential Id.  Use the credential Id from the right hand column in the Set ?Credential  command.

In the screenshot below, for example, the login for "OUTLOOK - Windows Security" has an Id of "OUTLOOK."   In this case instead of  using "SYSCREDENTIAL" as shown above, use "OUTLOOK" as follows:
 Set ?Credential "OUTLOOK" 



NOTE 3:  
It is possible to configure HTML Basic Authentication for multiple applications.  Just create a separate "IF" statement for each one.  For example:
If "adfs.something.com" -in ?domain
   Set ?Credential "-SYSCREDENTIAL"
EndIf

If "whatever.something.com" -in ?domain
   Set ?Credential "OUTLOOK"
EndIf