Windows Authentication for REST services

We are planning to switch over to Windows authentication when we go live with E10. It works correctly in the thick client, but REST services still wants Epicor userIDs and passwords. Is there any way to change this, currently?

No, not currently. The rumor is that Epicor might be working on integrating OAuth as an authentication method but no set time for delivery.

Mark W.

From the help…
Single Sign-On
To keep the REST transfer secure while making it easier for users to access the data, implement the Single Sign-On feature.
You do this by activating Windows Authentication within your system. To activate Windows Authentication:

Access your server machine.
Launch Internet Information Services (IIS) Manager.
Now for the virtual folder, activate the Authentication folder.
Enable Windows Authentication.
This user can now connect to REST services without entering credentials. The system uses the header to verify the account is secure and permitted to access the service.
Note that when you authenticate Windows in the Internet Information Services (IIS) Manager, the TokenResource.svc and other resources that use webHttpBinding (Web.svc, ECC.svc, and so on) cannot start. If you need both token authentication and Windows Authentication to work on the application server, change the webHttpBinding definition in the web.config file. Change the setting to use Windows; by default this setting is set to None.

A company not looking at OAuth would be news. Just saying…

And yes, nothing to announce officially

1 Like
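As an added example (not from the Epicor help or from anyone in this thread), here is one way to check which webHttpBinding entries in a web.config are still at None rather than Windows, as the help text quoted above describes. It assumes the setting the help refers to is the standard WCF `clientCredentialType` attribute on the binding's `<transport>` element; the help does not name it, and the sample config and binding names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real Epicor web.config: one binding left at the
# default the help text describes (None) and one switched to Windows.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="RestHttps">
          <security mode="Transport">
            <transport clientCredentialType="None" />
          </security>
        </binding>
        <binding name="RestHttpsWindows">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""


def audit_web_http_bindings(config_xml):
    """Return (name, security mode, clientCredentialType) for each webHttpBinding."""
    root = ET.fromstring(config_xml)
    findings = []
    for section in root.iter("webHttpBinding"):
        for binding in section.findall("binding"):
            security = binding.find("security")
            transport = security.find("transport") if security is not None else None
            # WCF defaults when elements or attributes are omitted: both are None.
            mode = security.get("mode", "None") if security is not None else "None"
            cred = (transport.get("clientCredentialType", "None")
                    if transport is not None else "None")
            findings.append((binding.get("name", ""), mode, cred))
    return findings


def bindings_not_using_windows(config_xml):
    """Names of webHttpBinding entries that do not ask for Windows credentials."""
    return [name for name, mode, cred in audit_web_http_bindings(config_xml)
            if mode == "None" or cred != "Windows"]


if __name__ == "__main__":
    for name, mode, cred in audit_web_http_bindings(SAMPLE_WEB_CONFIG):
        print(f"{name or '(unnamed)'}: mode={mode} clientCredentialType={cred}")
    print("Not set to Windows:", bindings_not_using_windows(SAMPLE_WEB_CONFIG))
```
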

I mean, what Bart said.

1 Like

Thanks, guys. That works, but with a strange wrinkle. If the user’s Epicor password is expired, it still generates an error message, even though it is passing through the Windows credentials. If I log in on the server with a net.tcp client, then I can change the password and then REST services works as expected.

It is a bug and will be fixed in 10.2.100.

2 Likes

Hi Bart,

In looking at your instructions above - I am in IIS Manager. With respect to the virtual folder you are talking about, do I create a virtual directory under my Epicor Site and enable Windows Authentication for that?

1 Like

You already have an application corresponding to your Epicor App server. You need to enable Windows authentication for it.

Hi Olga,

If you are talking about going to IIS > Select App Site > Authentication > Windows Authentication is already enabled here.

So nothing else should be done there. Next you need to set up the mapping between the Epicor user and the domain account in User Account Maintenance.

Thank you for the quick response! We have already updated the user accounts under User Security. My account in particular has Require Single Sign on Enabled, Domain and Domain User ID is specified.

Then REST should be working. Try to open the help page https://server/EpicorApp/api/help/ - it should not ask for credentials.

404 - File or directory not found.

The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

Looks like you don't have REST enabled at all. What version of Epicor do you use?

10.2.100.8

Well, it is enabled by default. Something is wrong with your URL, probably…

Apologies. I corrected the URL and it prompted me for credentials. When I entered my Windows credentials, it let me in.

Browser?

Chrome. Same results in Internet Explorer.