Environment
NetIQ SecureLogin
NSL 8.8
Situation
Unable to configure single sign-on to Microsoft Office 365 Online
Can't SSO-enable MS Office Online
Resolution
Follow the instructions in section 2.7.7 of the SecureLogin 8.8 Installation Guide, "Configuring HTML Basic Authentication for SecureLogin Using Single Sign-on Assistant." See:
Steps:
- Add a new Application definition, selecting Generic Type
- In Name, specify CredentialSelection
- Click OK.
- Navigate to Applications > Generic > CredentialSelection.
- Specify your application definitions in "Definition." The following sample application definition worked for one customer:
If "adfs.something.com" -in ?domain
Set ?Credential "-SYSCREDENTIAL"
EndIf
Additional Information
NOTE 1:
The Office Online authentication window comes and goes quickly. The DebugPrint command along with Debug View can be used to make sure SecureLogin is acting on the login dialog.
1. Download Debug View (by Sysinternals) from the Microsoft download page.
2. Extract and run Debug View. It will show lines from your script that include DebugPrint.
3. Add DebugPrint commands to your script. For example, as follows:
DebugPrint "start"
If "adfs.something.com" -in ?domain
DebugPrint "found adfs"
Set ?Credential "-SYSCREDENTIAL"
DebugPrint "credentials entered"
EndIf
DebugPrint "end"
The text in quotations will appear in Debug View as each line of the script is acted upon, thus showing you which lines were executed. There is an option to clear the Debug View log in the "edit" menu.
NOTE 2:
In the example above, the problem was solved by using SYSCREDENTIAL, the credentials used for logging into the network. Other credential sets can also be used, such as the credentials from another SecureLogin-enabled application.
To find the value to use for the Set ?Credential command, open the "Manage Logins" utility from the system tray, and select "My Logins." The left-hand column of each login shows the user-friendly label, and the right-hand column shows the credential Id. Use the credential Id from the right-hand column in the Set ?Credential command.
In the screenshot below, for example, the login for "OUTLOOK - Windows Security" has an Id of "OUTLOOK." In this case instead of using "SYSCREDENTIAL" as shown above, use "OUTLOOK" as follows:
Set ?Credential "OUTLOOK"
NOTE 3:
It is possible to configure HTML Basic Authentication for multiple applications. Just create a separate "IF" statement for each one. For example:
If "adfs.something.com" -in ?domain
Set ?Credential "-SYSCREDENTIAL"
EndIf
If "whatever.something.com" -in ?domain
Set ?Credential "OUTLOOK"
EndIf