How to Create Affiliate Applications for Host Initiated SSO
You can define two types of applications:
Individual There is a 1 to 1 relationship between Windows users and non-Windows users.
Host Group Multiple non-Windows users can be mapped to the same Windows account.
To create an affiliate application using the MMC Snap-In
On the Start menu, click All Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.
In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.
Right-click Affiliate Applications, and then click Create Application to open the Enterprise Single Sign-On Application Wizard.
Use the wizard to select the properties of your affiliate application.
To create an individual type affiliate application using the command line
On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage –createapps <AffApp.xml>, where AffApp.xml is the name of the xml file.
Note
On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.
A sample file is shown below:
<?xml version="1.0"?> <SSO> <application name="SSOApp_Host1"> <description>An Individual Type Affiliate Application for Host Initiated SSO</description> <contact>someone@companyname.com</contact> <appUserAccount>DomainName\AppUserGroup_HISSO</appUserAccount> <appAdminAccount>DomainName\AppAdminGroup_HISSO</appAdminAccount> <field ordinal="0" label="User ID" masked="no" /> <field ordinal="1" label="Password" masked="yes" /> <flags windowsInitiatedSSO="no" enableApp="yes" /> </application> </SSO>
To create a host group type affiliate application using the command line
On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage –createapps <AffApp.xml>, where AffApp.xml is the name of the xml file.
Note
On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.
A sample file is shown below:
<?xml version="1.0"?> <SSO> <application name="SSOApp_HostGroupApp1"> <description>A Group Type Affiliate Application for Host Initiated SSO associating multiple non-Windows user to a single Windows user account(DomainName\WindowsUserAccount1)</description> <contact>someone@companyname.com</contact> <windowsAccount>DomainName\WindowsUserAccount1</windowsAccount> <appAdminAccount>DomainName\AppAdminGroup_HISSO</appAdminAccount> <field ordinal="0" label="User ID" masked="no" /> <field ordinal="1" label="Password" masked="yes" /> <flags enableApp="yes" /> </application> </SSO>
To create an affiliate application supporting both Windows initiated SSO and host initiated SSO using the command line
On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage –createapps <AffApp.xml>, where AffApp.xml is the name of the xml file.
Note
On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.
A sample file is shown below:
<?xml version="1.0" ?> - <SSO> - <application name="SSOApp1"> <description>An Individual Type Affiliate Application for both Host Initiated SSO and Windows Initiated SSO</description> <contact>someone@companyname.com</contact> <appUserAccount>DomainName\AppUserGroup</appUserAccount> <appAdminAccount>DomainName\AppAdminGroup</appAdminAccount> <field ordinal="0" label="User ID" masked="no" /> <field ordinal="1" label="Password" masked="yes" /> <flags enableApp="yes" /> </application> </SSO>