SSO Issues

Yesterday I was setting up MES clients using instructions created by DOT Net. The instructions were very well written and straight forward. I had created 3 .sysconfig files for MES clients , one for each plant. I setup the password security as instructed in Epicor and configured the first client. It worked. I setup the second computer’s client and the first MES stopped auto logging in as well as the second client did not auto log in.

I called support and was told I needed to create a .sysconfig for every client. I said are you saying for each user that logs into the system who wants to save their password I have to setup a .sysconfig file for that user? The answers was yes leaving me a bit confused. There was nothing mentioned in the DOT Net document about setting up individual .sysconfig files. It does look like if a client that has not been setup to save password logs into the MES the .sysconfig password is wiped out.

I am left with a few unanswered questions: first what am I not understanding and secondly why would Epicor setup the system to wipe out the password ( if in fact that’s what the system is doing) instead of just bringing up the client when the save password is not checked for an Epicor user so a user could log in with an alternate password. Lastly if I am using the same Epicor user for every MES client and the Epicor user has been setup to save the password why doesn’t all clients using that .sysconfig file auto login?

While I am asking questions can anyone tell me why when using Single Sign On Epicor does not bring up the client for the user to use an alternative password if not found in Active Directory? We have a product call Sage Fix Assets and when the client can’t find an active directory account the user is informed the active directory account was not found and the log in screen is provided for the user to use an alternate user name and password. It’s a perfect balance.

Anyone else have this issue or a work around that does not have us creating at a minimum 132 .sysconfig files.

Brinda Whitaker
Tecomet Inc

Split the topic since it wasn’t related to the original issue

In Epicor 10 the username and password are encrypted in the sysconfig file. It uses the ProtectedData class that comes with windows to encrypt / decrypt the information in the sysconfig file

The protection scope it uses is user level not machine level, so technically if your Domain Account uses a Roaming Profile, you can use the sysconfig file on multiple workstations.

However you don’t have to create a sysconfig file for each workstations, if you have different users that want to login automatically each user can setup this for themselves. They need to login to Epicor

Click On Options → Preferences and check the Automatically Sign on Flag

Once they’ve done this, the system will encrypt their password in their sysconfig file.


Brinda, I’ll call you shortly to discuss.