SSO deployment help - BTDF 5.7

  • Question

  • I am using WCF-Custom extension in my adapter. That extension has some variables that I need to
    assign dynamically like ConsumerSecret, Password, Username, HostUrl

    Please advise what I am missing or doing wrong.

    I have installed SSO Affiliation configuration on my local (Dev) machine.

    Then on the Root, I created as Add Application Name and provided Key and Value to all above values.

    Now, in my BTDF (Port Binding Master.xml) file

    <TransportTypeData>&lt;CustomProps&gt;&lt;ServiceCertificate vt="8" /&gt;&lt;HttpMethodAndUrl vt="8"&gt;&amp;lt;BtsHttpUrlMapping&amp;gt;&amp;lt;Operation Name="sendSF" Method="POST" /&amp;gt;&amp;lt;/BtsHttpUrlMapping&amp;gt;&lt;/HttpMethodAndUrl&gt;&lt;MaxReceivedMessageSize vt="3"&gt;65536&lt;/MaxReceivedMessageSize&gt;&lt;ClientCertificate vt="8" /&gt;&lt;ProxyUserName vt="8" /&gt;&lt;UseAcsAuthentication vt="11"&gt;0&lt;/UseAcsAuthentication&gt;&lt;SuppressMessageBodyForHttpVerbs vt="8" /&gt;&lt;VariablePropertyMapping vt="8"&gt;&amp;lt;BtsVariablePropertyMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" /&amp;gt;&lt;/VariablePropertyMapping&gt;&lt;SecurityMode vt="8"&gt;Transport&lt;/SecurityMode&gt;&lt;ProxyToUse vt="8"&gt;Default&lt;/ProxyToUse&gt;&lt;EndpointBehaviorConfiguration vt="8"&gt;&amp;lt;behavior name="EndpointBehavior"&amp;gt;&amp;lt;Geico.Adapter.SalesforceoAuth SsoAffiliateApplication="Salesforce" /&amp;gt;&amp;lt;/behavior&amp;gt;&lt;/EndpointBehaviorConfiguration&gt;&lt;TransportClientCredentialType vt="8"&gt;None&lt;/TransportClientCredentialType&gt;&lt;OpenTimeout vt="8"&gt;00:01:00&lt;/OpenTimeout&gt;&lt;UseSSO vt="11"&gt;0&lt;/UseSSO&gt;&lt;UseSasAuthentication vt="11"&gt;0&lt;/UseSasAuthentication&gt;&lt;CloseTimeout vt="8"&gt;00:01:00&lt;/CloseTimeout&gt;&lt;SendTimeout vt="8"&gt;00:01:00&lt;/SendTimeout&gt;&lt;HttpHeaders vt="8"&gt;Content-Type:application/json&lt;/HttpHeaders&gt;&lt;/CustomProps&gt;</TransportTypeData>
    

    I have already included these 2 in my .btdfproj file:

    <PropertyGroup>
       <IncludeSSO>true</IncludeSSO>
    </PropertyGroup>
    
    <ItemGroup>
     <PropsFromEnvSettings Include="SsoAppUserGroup;SsoAppAdminGroup" />
    </ItemGroup>

    Now when I do the deployment, I get the following error:

    Target DeploySSO:
                    "C:\Program Files (x86)\Geico.PayOrder for BizTalk 1.0.0\1.0\Deployment\Framework\DeployTools\SSOSettingsFileImport.exe" "Geico.PayOrder" /settingsFile:"C:\Program Files (x86)\Geico.PayOrder for BizTalk 1.0.0\1.0\Deployment\EnvironmentSettings\Exported_LocalSettings.xml" /userGroupName:"ABC\BizTalk Application Users" /adminGroupName:"ABC\BizTalk Server Administrators"
                    Error persisting to SSO:
                    System.Runtime.InteropServices.COMException (0xC0002A22): The account name is not valid or does not exist. See the event log (on computer '(myserverName') for more details.
                    
                       at Microsoft.BizTalk.SSOClient.Interop.ISSOAdmin.CreateApplication(String applicationName, String description, String contactInfo, String userGroupName, String adminGroupName, Int32 flags, Int32 numFields)
                       at SSOSettingsFileManager.SSOHelper.CreateApp(String appName, String userGroup, String adminGroup)
                       at SSOSettingsFileManager.SettingsFileImport.SaveSettingsToSSO(String affiliateAppName, String inSettings, String userGroupName, String adminGroupName)
                       at SSOSettingsFileManager.SettingsFileImport.Main(String[] args)
                    C:\Program Files (x86)\Geico.PayOrder for BizTalk 1.0.0\1.0\Deployment\Framework\BizTalkDeploymentFramework.targets(1752,5): error MSB3073: The command ""C:\Program Files (x86)\Geico.PayOrder for BizTalk 1.0.0\1.0\Deployment\Framework\DeployTools\SSOSettingsFileImport.exe" "Geico.PayOrder" /settingsFile:"C:\Program Files (x86)\Geico.PayOrder for BizTalk 1.0.0\1.0\Deployment\EnvironmentSettings\Exported_LocalSettings.xml" /userGroupName:"ABC\BizTalk Application Users" /adminGroupName:"ABC\BizTalk Server Administrators"" exited with code -1.
                Done building target "DeploySSO" in project "Deployment.btdfproj" -- FAILED.
            Done building target "DeployBizTalkMgmtDB_true" in project "Deployment.btdfproj" -- FAILED.
        Done building target "ServerDeploy" in project "Deployment.btdfproj" -- FAILED.
    Done building target "Deploy" in project "Deployment.btdfproj" -- FAILED.

    Done building project "Deployment.btdfproj" -- FAILED.

    Build FAILED.


    RH

    Tuesday, September 10, 2019 8:40 PM

All replies

  • Have you set the SsoAppUserGroup and SsoAppAdminGroup to the correct groups in your SettingsFileGenerator.xml for that environment?

    Also note that I believe BTDF imports the Environment settings as SSO Configuration key/value pairs, rather than as SSO Affiliate Applications.

    Tuesday, September 10, 2019 9:10 PM
  • I am using Local Development for deployment. Does this need to be different? If so, what does it need to be, and where do I check and confirm these groups?

    For your 2nd suggestion, I did not understand. Do I need to modify anything?


    RH

    Tuesday, September 10, 2019 9:16 PM
  • The names of those need to match those of the environments; those look like the default ones and are probably not correct. Open up Microsoft BizTalk Server Configuration, select Enterprise SSO and look at the Windows accounts section there; those are the Windows groups you need.

    Without seeing your custom behavior I'm not sure which type of SSO settings you are using; it could be either. So try it and see. However, if you want to use some adapters with the SSO Affiliate settings, it does make a difference.

    Tuesday, September 10, 2019 10:27 PM
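
A pre-flight check for the "account name is not valid or does not exist" failure discussed above, as an added example that is not part of the thread or of BTDF. The function name `Test-SsoGroupAccounts` is hypothetical, and the settings layout (`<property name="...">` elements) is an assumption about the exported settings file; the sample values are the group names from the failing command line.

```powershell
# Added example: resolve the two SSO group settings to SIDs before DeploySSO runs.
# Assumption: settings are stored as <property name="...">value</property>.
function Test-SsoGroupAccounts {
    param(
        [Parameter(Mandatory)] [xml] $Settings,
        [string[]] $Names = @('SsoAppUserGroup', 'SsoAppAdminGroup')
    )
    foreach ($name in $Names) {
        $node    = $Settings.SelectSingleNode("//*[@name='$name']")
        $account = if ($node) { $node.InnerText.Trim() } else { '' }
        $sid     = $null
        $problem = $null
        if (-not $account) {
            $problem = 'setting missing or empty'
        } else {
            try {
                # Same kind of name-to-SID lookup Windows must perform for the SSO groups
                $nt  = New-Object System.Security.Principal.NTAccount($account)
                $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $problem = "does not resolve: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Setting = $name; Account = $account; Sid = $sid; Problem = $problem }
    }
}

# Constructed sample input. In practice load the exported settings file instead:
#   $settings = [xml](Get-Content -Raw '<path to Exported_LocalSettings.xml>')
$settings = [xml]@'
<settings>
  <property name="SsoAppUserGroup">ABC\BizTalk Application Users</property>
  <property name="SsoAppAdminGroup">ABC\BizTalk Server Administrators</property>
</settings>
'@

$result = Test-SsoGroupAccounts -Settings $settings
$result | Format-List
if ($result | Where-Object Problem) {
    Write-Warning 'Fix the group names in the environment settings before deploying.'
}
```

Compare any account that fails to resolve with the groups shown under Enterprise SSO in Microsoft BizTalk Server Configuration.
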
  • Well, if you see this Transport setting: SsoAffiliateApplication="Salesforce"

    Salesforce is the ApplicationName I created in SSO Application Configuration.msc

    In this I provided the Secret Key, Secret Password, Username and Token used when connecting to Salesforce. So I want to set these values per environment.

    To do so, do I need to set these values both in SettingsFileGenerator.xml and also manually in the SSO Affiliate Application?

    <TransportTypeData>&lt;CustomProps&gt;&lt;ServiceCertificate vt="8" /&gt;&lt;HttpMethodAndUrl vt="8"&gt;&amp;lt;BtsHttpUrlMapping&amp;gt;&amp;lt;Operation Name="sendSF" Method="POST" /&amp;gt;&amp;lt;/BtsHttpUrlMapping&amp;gt;&lt;/HttpMethodAndUrl&gt;&lt;MaxReceivedMessageSize vt="3"&gt;65536&lt;/MaxReceivedMessageSize&gt;&lt;ClientCertificate vt="8" /&gt;&lt;ProxyUserName vt="8" /&gt;&lt;UseAcsAuthentication vt="11"&gt;0&lt;/UseAcsAuthentication&gt;&lt;SuppressMessageBodyForHttpVerbs vt="8" /&gt;&lt;VariablePropertyMapping vt="8"&gt;&amp;lt;BtsVariablePropertyMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" /&amp;gt;&lt;/VariablePropertyMapping&gt;&lt;SecurityMode vt="8"&gt;Transport&lt;/SecurityMode&gt;&lt;ProxyToUse vt="8"&gt;Default&lt;/ProxyToUse&gt;&lt;EndpointBehaviorConfiguration vt="8"&gt;&amp;lt;behavior name="EndpointBehavior"&amp;gt;&amp;lt;Geico.Adapter.SalesforceoAuth SsoAffiliateApplication="Salesforce" /&amp;gt;&amp;lt;/behavior&amp;gt;&lt;/EndpointBehaviorConfiguration&gt;&lt;TransportClientCredentialType vt="8"&gt;None&lt;/TransportClientCredentialType&gt;&lt;OpenTimeout vt="8"&gt;00:01:00&lt;/OpenTimeout&gt;&lt;UseSSO vt="11"&gt;0&lt;/UseSSO&gt;&lt;UseSasAuthentication vt="11"&gt;0&lt;/UseSasAuthentication&gt;&lt;CloseTimeout vt="8"&gt;00:01:00&lt;/CloseTimeout&gt;&lt;SendTimeout vt="8"&gt;00:01:00&lt;/SendTimeout&gt;&lt;HttpHeaders vt="8"&gt;Content-Type:application/json&lt;/HttpHeaders&gt;&lt;/CustomProps&gt;</TransportTypeData>

    Please advise if anyone has experienced this; your input will help.


    RH

    Wednesday, September 11, 2019 12:36 AM
  • Yes, I see that your Geico.Adapter.SalesforceoAuth EndpointBehaviorConfiguration has a setting called SsoAffiliateApplication; however, just because the parameter is called that doesn't mean it is an SSO Affiliate Application.

    We avoid putting passwords and secrets in BTDF packages, as this is not secure: the settings file will be unencrypted in the deployment folder, or can be extracted from the MSI. We tend to create the SSO affiliate application by running a batch file with some XML files and then set the password, secret etc. manually afterwards. As this only needs to be set once (unless it changes), and not with every deployment, we don't see the need to do it via BTDF.

    Wednesday, September 11, 2019 3:31 AM
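
One way to enforce the advice in the last reply before a package is built, as an added example that is not part of the thread or of BTDF. The function name `Find-PlaintextSecretSettings`, the name pattern and the `<property name="...">` settings layout are assumptions; the sample setting names are the ones listed in the question, with constructed values.

```powershell
# Added example: flag settings whose name suggests a credential and whose value is
# non-empty, so they can be moved out of the package and set manually in SSO.
function Find-PlaintextSecretSettings {
    param(
        [Parameter(Mandatory)] [xml] $Settings,
        # Assumed naming convention; extend to match your own setting names
        [string] $NamePattern = 'password|passwd|pwd|secret|token|apikey'
    )
    foreach ($node in $Settings.SelectNodes('//*[@name]')) {
        $name  = $node.GetAttribute('name')
        $value = $node.InnerText.Trim()
        if ($name -match $NamePattern -and $value.Length -gt 0) {
            [pscustomobject]@{
                Setting     = $name
                ValueLength = $value.Length   # report the length only, never echo the value
            }
        }
    }
}

# Constructed sample input; the values are placeholders, not real credentials.
$settings = [xml]@'
<settings>
  <property name="HostUrl">https://example.invalid</property>
  <property name="Username">svc-integration</property>
  <property name="Password">PLACEHOLDER-VALUE</property>
  <property name="ConsumerSecret">PLACEHOLDER-VALUE</property>
  <property name="SsoAppUserGroup">BizTalk Application Users</property>
</settings>
'@

$hits = @(Find-PlaintextSecretSettings -Settings $settings)
$hits | Format-Table -AutoSize
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) credential-like setting(s) would ship unencrypted in the package."
}
```

With the sample above, `Password` and `ConsumerSecret` are flagged, while `HostUrl`, `Username` and the group setting are not.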