Trying to set up Windows Authentication in our test environment 2024.1.7, but having issues where the user ID I’m testing with shows ‘<userid> is not setup for single sign-on’
User account security management has the domain and domain user ID fields entered for the test user, application server config has ‘Allow Windows Authentication’ checked. Modified the .sysconfig file on the client I’m testing, to change Authentication Mode to ‘Windows’ under and LoginDefault to ‘Windows’ under
Even spun up a second App Server, with Windows as the default Classic Client Authentication method.
Looked in the System Administration Guide, it suggested modifying the web.config file for the instance, but cannot find a line <add scheme=… within the file. I’m guessing the software changed, but the documentation was not updated to reflect it?
No answer for this post, but here’s a gentle reminder to those using Windows Auth. NTLM is now deprecated and increasingly insecure. The recommendation is to migrate to Kerberos.
The error is shown when it cannot translate windows name, provided as “DOMAIN\userName” into ERP user Id. So if the error contains “Domain\Username” verify that such combination is mapped to existing ERP user.
The stuff with add scheme is pure WCF and long gone as Kinetic is ASP.NET Core now.
Figured it out - apparent a difference between what I’d read (or how I’d read it) and how it actually worked. I’d put our full domain into the Domain: field, rather than the local subdomain portion of it. Also had tried entering the Domain\user into the Domain User ID: field, as one portion of the Admin guide seemed to suggest - also not helpful. I’d tried several combinations, apparently never hit on the right one…
In the end, “Domain” contains just our local Windows (sub)domain without any additional suffixes, and “Domain User ID” contains just the UserName.