Jump to content

Search the Community

Showing results for tags 'adfs'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Hornbill Platform and Applications
    • OpenForWork
    • Announcements
    • Blog Article Discussions
    • General Non-Product Discussions
    • Application Beta Program
    • Collaboration
    • Employee Portal
    • Service Manager
    • IT Operations Management
    • Project Manager
    • Supplier Manager
    • Customer Manager
    • Document Manager
    • Timesheet Manager
    • Live Chat
    • Board Manager
    • Mobile Apps
    • System Administration
    • Integration Connectors, API & Webhooks
    • Performance Analytics
    • Hornbill Switch On & Implementation Questions
  • About the Forum
    • Announcements
    • Suggestions and Feedback
    • Problems and Questions
  • Gamers Club's Games
  • Gamers Club's LFT

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Organisation


Location


Interests


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype

Found 6 results

  1. Hi all, Does anyone have any experience using multiple domains and SSO with Service Manager? We currently have 3 domains in our business, 1 group domain and 2 child company domains. Obviously as our AD structures are separate I will have to set up the LDAP import across all three domains. However we are a little unsure as to how to configure our ADFS server to deal with the three domains. As we are moving towards our Hornbill portal being the one stop shop for all things and I am currently in the process of adding HR, Finance, Procurement and in the future, Facilities on to the portal, users from multiple business units will need access to the portal to raise requests. I don't really want to go down the Citrix route (which is what I have had to do as a stop gap for the time being) as it is quite messy / slow / labour intensive. We share a common intranet so the link to the portal is available to all but as we have not configured ADFS the SSO will not authenticate users from outside our group domain. Any help / guidance anyone can provide will be greatly appreciated. Thanks Dan
  2. From this morning we get an error (below) when trying to access our instance. We use adfs authentication however nothing has changed from 'our side'. Everything was okay yesterday. We updated to the current version of Service Manager (979) yesterday. The instance is available as i can login with the admin account. Please can someone look at this ASAP as we need the service live for Monday morning. I contacted the cloud support number who suggested raising it on here. Regards, Jamie
  3. Hi all, We are almost ready to setup a Task Schedule to start importing Users live from our AD in to Hornbill. I have a question about how the "LDAP_User_Import.exe" utility works with handling existing Users already in the Hornbill system (in our Instance). If a User already exists, what happens to that existing Hornbill Account during Import? Does it get overwritten in all areas, only some areas, or not at all? Are any of these options configurable? Thanks, Lee
  4. Hi. I have raised the issue below with the company that installed and configured ADFS for us prior to going live with Hornbill. It seems there are issues with the service not starting as it should on Monday mornings, thus preventing users from logging calls and analysts accessing service desk. Can be rectified by a manual restart of the service, but I have been asked by the IT manager to log the issue with both Hornbill and the other third party. Long shot, but perhaps someone can advise? This link wasn’t working when trying to log into Hornbill: https://adfs.corby.gov.uk/adfs/ls/?SAMLRequest= When I logged onto the server running ADFS, I noticed that although the service was set to Automatic and should restart for two failures, it was currently stopped. Once I started it, everything started working again. I did notice that there’s a very high volume of errors being logged in the event logs on both the ADFS server in the DMZ and our Here’s what’s being logged on the DMZ server: Log Name: Microsoft-Windows-WebApplicationProxy/Admin Source: Microsoft-Windows-WebApplicationProxy Date: 05/10/2016 13:36:16 Event ID: 12025 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: DMZWEB12 Description: Web Application Proxy encountered an error while retrieving the configuration from configuration storage. Details: Unauthorized (401). (0x80190191). Web Application Proxy will continue to use the existing configuration. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-WebApplicationProxy" Guid="{EA19457D-AFB4-4B25-B526-DA576CCE3FE4}" /> <EventID>12025</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2016-10-05T12:36:16.984269000Z" /> <EventRecordID>277390</EventRecordID> <Correlation /> <Execution ProcessID="776" ThreadID="4176" /> <Channel>Microsoft-Windows-WebApplicationProxy/Admin</Channel> <Computer>DMZWEB12</Computer> <Security UserID="S-1-5-20" /> </System> <EventData> <Data Name="Details">Unauthorized (401). (0x80190191)</Data> </EventData> </Event> And there’s also this: Log Name: AD FS/Admin Source: AD FS Date: 05/10/2016 13:35:47 Event ID: 422 Task Category: None Level: Error Keywords: AD FS User: NETWORK SERVICE Computer: DMZWEB12 Description: Unable to retrieve proxy configuration data from the Federation Service. Additional Data Trust Certificate Thumbprint: CF785071A1682DAF41C6FD80EE24BBE75544FB9D Status Code: Unauthorized Exception details: System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration() Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" /> <EventID>422</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000001</Keywords> <TimeCreated SystemTime="2016-10-05T12:35:47.609217300Z" /> <EventRecordID>143362</EventRecordID> <Correlation /> <Execution ProcessID="2716" ThreadID="4836" /> <Channel>AD FS/Admin</Channel> <Computer>DMZWEB12</Computer> <Security UserID="S-1-5-20" /> </System> <UserData> <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events"> <EventData> <Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data> <Data>Unauthorized</Data> <Data>System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()</Data> </EventData> </Event> </UserData> </Event> Whilst on the ADFS server on our LAN, we have these being logged: Log Name: AD FS/Admin Source: AD FS Date: 05/10/2016 13:18:10 Event ID: 276 Task Category: None Level: Error Keywords: AD FS User: CBC_NT\adfs_svc Computer: DLOCA12.corby.gov.uk Description: The federation server proxy was not able to authenticate to the Federation Service. User Action Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet. Additional Data Certificate details: Subject Name: CN=ADFS ProxyTrust - DMZWEB12 Thumbprint: CF785071A1682DAF41C6FD80EE24BBE75544FB9D NotBefore Time: 2016-06-28 13:18:55 NotAfter Time: 2016-07-18 13:18:55 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" /> <EventID>276</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000001</Keywords> <TimeCreated SystemTime="2016-10-05T12:18:10.166387900Z" /> <EventRecordID>342265</EventRecordID> <Correlation ActivityID="{00000000-0000-0000-7E03-0080000000ED}" /> <Execution ProcessID="3720" ThreadID="5780" /> <Channel>AD FS/Admin</Channel> <Computer>DLOCA12.corby.gov.uk</Computer> <Security UserID="S-1-5-21-1046106778-1520577329-1850952788-14914" /> </System> <UserData> <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events"> <EventData> <Data>CN=ADFS ProxyTrust - DMZWEB12</Data> <Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data> <Data>2016-06-28 13:18:55</Data> <Data>2016-07-18 13:18:55</Data> </EventData> </Event> </UserData> </Event> Both application logs are recording these events every few seconds/minutes. Anything to be concerned about and any ideas please? Hop you can advise! ADFS is crucial to the operation of our Service Desk, and users are becoming frustrated when they can’t log calls on Monday mornings before ICT staff arrive to start the service manually. I will be copying all of the above to the Hornbill service forum to see if anyone there can advise too. Thanks. P please consider the environment - do you really need to print this email?
  5. We've successfully implemented SSO for our instance but unless we're missing something it is either on or off for all sites - live, admin, service & customer. Our 250+ customers will only ever access Service Manager (via service.hornbill.com) from within our corporate network so single sign-on using ADFS is ideal and this works as expected. However, our analysts will access the live site from anywhere, both inside and outside the network. What we'd ideally like to do is enable SSO for service.hornbill.com but use password authentication for live.hornbill.com. Although we can create separate SSO profiles for each site, SSO seems to be either completely on for all or off for all. We found an single historical forum post suggesting this is true but is this interpretation correct? If so, is there anything in the change pipeline to allow differential site authentication?
  6. Hornbill application is using our ADFS services for authentication and to provide Single Sign On functionality to end users. We are planning to decommission our ADFS environment and use Azure AD for authentication or SSO requests. Could you please send me some instructions as how we can migrate Hornbill application from ADFS to Azure AD? I need your support to follow below action plan: 1: Setup of test URL for Hornbill 2: Configure SSO using Azure AD for Test URL 3: Implement the changes for Live URL Many Thanks
×
×
  • Create New...