tags:

views:

151

answers:

1
+1  Q: 

What's EntSSO for in BizTalk Server?

Microsoft's Enterprise SSO server is bundled with BizTalk Server - I'm fairly familiar with how to configure it, make sure it's working, etc. My questsion is, what exactly does it do, and how does it do it?

My best understanding is that it is used to securely store configuration for things like ports and adapters, because configuration items often include things like credentials, passwords, connection strings, etc. In terms of "how it works", my best guess is that the configuration values are stored encrypted in an SSO database, and the "master secret" is simply the encryption key that only privileged credentials (like the one running the BizTalk hosts) have access to, so they can use it to access the encrypted configuration.

Can someone shine some light on this and point out where this is right/wrong?

+3  A: 

You're pretty close overall. EntSSO is used by BizTalk internally to store any sensitive data. This includes particularly the adapter-specific part of any send port/receive location configuration.

But that's not all EntSSO does; it can also be used to provide credential mapping services between Windows and non-windows systems, by storing sets of encrypted credentials for other applications and mapping within them. Basically, this can be used to provide single sign-on services when building BizTalk solutions so that BizTalk can "act as" a specific user when doing stuff on their behalf.

For example, you could have BizTalk receive a message over an HTTP/SOAP receive location set up with Windows Integrated authentication, and then let BizTalk flow that authentication information over to an FTP send port where the Windows user credential is mapped to a specific username/password combination associated to it so that BizTalk can authenticate as said user to the FTP server. With this, different Windows Users sending messages to BizTalk would result in separate FTP connections created with different credentials on the other end (this is different from the default BizTalk behavior of using a single credential for all operations on a send port).

Obviously EntSSO offers a bunch of other options beyond this, but that's kinda the big deal.

BTW, the BizTalk docs actually contain a fairly extensive section on EntSSO that is pretty useful.

tomasr  2009-11-21 18:47:25

related questions

Using Apache's mod_auth across multiple sub-domains for single sign-on?
Windows Authentication for remote reporting services
How to open a link from one web app to another already authenticated?
Know of SSO turnkey Appliance with ldap, radius, openid, etc?
what is SSO
How can I share user sessions across multiple domains using Rails?
Is OpenID a flawed concept?
Can I abandon an InProc ASP.NET session from a session different than one making the request?
Sun Access Manager
SharePoint SSO with a PHP application on a different server?
SSO between ASP.NET, ASP and PHP
URL Based Authentication Link
How do I create a network of sites that understand single sign-on?
BizTalk resolving SSO error "Unable to redeem ticket, no ticket exists in the message"
Which SSO Framework to use?
How do I get user informations from a session id in ASP.NET ?
What are some ADFS alternatives for doing single sign on for an ASP.NET app with users in active directory?
SSO in webpages
Getting windows/domain credentials in asp.net while allowing anonymous access in IIS
IIS Authentication across servers
How do I get logout to work on RubyCAS-Server?
Strategy for single sign on with legacy applications
dotNetNuke/Moodle integration
Single Sign On across multiple domains
OpenID as a Single Sign On option??