CE 10 - More Single Sign On Issues

Status
Not open for further replies.

Nuffsaid

Technical User
Aug 3, 2001
374
CA
Hi All,

I’m trying to do away with the log on screen using Single Sign On and Windows NT Authentication in CE 10. Using IIS 5 in my test environment, I’ve got the Win NT Authentication working, however I can’t get rid of the log on screen, even after changing the default authentication in logon.csp and logonform.csp. I’ve followed the instructions in the Admin Guide and the Knowledge Base articles to the letter but I’m still presented with the log on screen.

My ultimate goal is to get this working in my production environment, which uses IIS 6. My main concern is that if I’m having this much trouble using 5, what’s it going to be like trying this in 6, with all the additional security???

All suggestions / ideas welcome.



Nuffsaid.
"This Week, We're Stampeding!!
 
So from the logon screen you can leave the username and password blank and just click logon and it works?

Can you post your logon.csp?

Kingfisher
 
Hi Kingfisher,

Yep, you got it. Leave it blank, click Log On and I'm in.

Contents of logon.csp;

<!--
File Version Start - Do not remove this if you are modifying the file
Build: 10.0.0
File Version End

(c) 2003 Crystal Decisions, Inc. All rights reserved.
This code or any derivative work thereof may not be distributed without the express written
permission of Crystal Decisions, Inc.
-->

<%@ language=JavaScript codepage=65001 %>
<%
// logon.csp
//
// This file handles logon, logoff, sign up, and change password.
//

// *********************************************************************
// SERVER-SIDE STRING VARIABLES FOR LOCALIZING
// *********************************************************************
var L_PASSWORD_EXPIRED = "Password Expired";
var L_NO_LOGON_RIGHT = "You are not allowed to log on to %1";
var L_SIGNUP_NO_LOGON_RIGHT = "The account is created, but it does not have the right to log on.";
// *********************************************************************
%>

<!-- #include file="setcodepage.csp" -->
<!-- #include file="helper_js.csp" -->
<!-- #include file="customize.csp" -->
<!-- #include file="onnewsession.csp" -->
<!-- #include file="globals.csp" -->
<!-- #include file="handleerror_js.csp" -->

<%
try
{
// PREVENT BROWSER FROM CACHING THE PAGE
SetPageExpiry();

// ********************************************
// *** DEFAULT GUEST USER LOGON INFORMATION ***
// ********************************************
var defaultaps = Request.ServerVariables.Item("WCS_NAME_SERVER");
var defaultusr = "";
var defaultpwd = "";
var defaultaut = "secWindowsNT";

// ********************************************
var aps = defaultaps;
var usr = defaultusr;
if(Request.Form.Item("usr").Count != 0)
usr = Request.Form.Item("usr");

var pwd = defaultpwd;
if(Request.Form.Item("pwd").Count != 0)
pwd = Request.Form.Item("pwd");

var aut = defaultaut;
if(Request.Form.Item("aut").Count != 0)
aut = Request.Form.Item("aut");
// ********************************************

// IF THERE ISN'T AN EXISTING SESSION
if( !GetSession("IStore") || typeof(GetSession("IStore")) != "object" )
LogonUser(usr, pwd, aps, aut, false);
// IF THERE IS AN EXISTING SESSION
else
{
// ****************************************
// LOGOFF CURRENT USER ACCOUNT
// ****************************************
if( Request.QueryString.Item("action") == "logoff" )
{
LogoffUser();
LogonUser(usr, pwd, aps, aut, false);
}
// ****************************************
// EXIT TO LAUNCHPAD
// ****************************************
else if( Request.QueryString.Item("action") == "exit" )
{
LogoffUser();
Session.Abandon();
Response.Redirect(URL_EXIT);
}
// ****************************************
// ASSIGN NEW PASSWORD
// ****************************************
else if( Request.QueryString.Item("action") == "newpwd" )
{
var newpwd;
var oldpwd;
newpwd = Request.Form.Item("newpwd");
oldpwd = Request.Form.Item("oldpwd");

try
{
var iStore = GetSession("IStore");
iStore.EnterpriseSession.UserInfo.SetPassword(oldpwd, newpwd);

if( iStore.EnterpriseSession.UserInfo.UserId == GUEST_ID )
{
Response.Redirect(GetGuestPage(true, 0));
}
else
{
var ePortObj = GetEportfolioObj(iStore, true)
var favRight = CheckRight(ePortObj, ceEPortfolioRightFavorites);

Response.Redirect(GetPersonalPage(true, 0, favRight));
}
}
catch(e)
{
SetSession("ErrMessage", e.description);
Response.Redirect("newpwdform.csp");
}
}
// ****************************************
// SIGN UP NEW USER
// ****************************************
else if( Request.QueryString.Item("action") == "newusr" )
{
var fname;
var newusrparams;
fname = Request.Form.Item("fullname");

usr = Trim(String(Request.Form.Item("username")));
pwd = Request.Form.Item("password");

try
{
CreateNewUser(fname, usr, pwd);
}
catch(e)
{
SetSession("ErrMessage", e.description);
newusrparams = "fullname=" + Server.URLEncode(fname) + "&username=" + Server.URLEncode(usr);
Response.Redirect("signup.csp?" + newusrparams);
Response.End();
}
LogonUser(usr, pwd, aps, aut, true);
}
else
{
// IF USER IS GUEST THEN REDIRECT TO GUEST VIEW
try
{
var iStore = GetSession("IStore");
var uid = iStore.EnterpriseSession.UserInfo.UserId;
if(uid == GUEST_ID)
{
Response.Redirect(GetGuestPage(true, 0));
}
else
{
var ePortObj = GetEportfolioObj(iStore, true)
var favRight = CheckRight(ePortObj, ceEPortfolioRightFavorites);

Response.Redirect(GetPersonalPage(true, 0, favRight));
}
}
catch(e)
{
LogoffUser();
LogonUser(usr, pwd, aps, aut, false);
}
}
}
}
catch(e)
{
WriteErrorRetrieve(e);
}


// ********************************************
// *** CreateNewUser Sub
// ********************************************
function CreateNewUser( fullname, userName, password )
{
// SET OUR ENTERPRISE SESSION
var iStore = GetSession("IStore")
var es = iStore.EnterpriseSession;

// CREATE THE NEW USER OBJECT
var pmgr = es.PluginManager;
var userPlugin = pmgr.PluginInfo("CrystalEnterprise.User");
var newCollection = iStore.NewInfoObjectCollection();
var newObj = newCollection.Add(userPlugin);
var newUser = newObj.PluginInterface("");

// SET THE PROPERTIES
newObj.Title = userName;
newUser.FullName = fullname;
newUser.NewPassword = password;

iStore.Commit(newCollection);
}


// ********************************************
// *** GetDesktopSettings Function
// *** - get the desktop settings from UserInfo.ProfileString
// *** - set the cookies for each setting
// *** - returns the "view" setting
// ********************************************
function GetDesktopSettings(SessionObj)
{
var ret = DEF_VIEW;

var strDesktopSettings = String(SessionObj.UserInfo.ProfileString("desktopsettings"));

if( strDesktopSettings == "" )
{
// SET DEFAULT SETTINGS VALUES
strDesktopSettings = "view=" + DEF_VIEW;
strDesktopSettings += "&vwm=" + DEF_VWM;
strDesktopSettings += "&dv0=" + DEF_DV;
strDesktopSettings += "&dv1=" + DEF_DV;
strDesktopSettings += "&dv2=" + DEF_DV;
strDesktopSettings += "&dv3=" + DEF_DV;
strDesktopSettings += "&dv4=" + DEF_DV;
strDesktopSettings += "&cbr=" + DEF_CBR;
strDesktopSettings += "&vwr=" + DEF_VWR;
strDesktopSettings += "&list=" + DEF_LIST;
strDesktopSettings += "&rpp=" + DEF_RPP;
strDesktopSettings += "&zone=" + DEF_ZONE;
strDesktopSettings += "&dvprint=" + DEF_DVPRINT;

if ( GetLang() == "en" )
strDesktopSettings += "&unit=" + DEF_EN_UNIT;
else
strDesktopSettings += "&unit=" + DEF_NON_EN_UNIT;
}

// clear any existing preference cookies
SetCookie("ePortfolio_prefs", "");
SetCookiePath("ePortfolio_prefs", "/");

var ss = strDesktopSettings.split("&");

var i;
var sss;
for(i = 0; i < ss.length; ++i)
{
sss = ss[i].split("=");

if(sss[0].indexOf("ePortfolio_") != -1)
{
// v8.0 preference

sss[0] = sss[0].replace(/ePortfolio_/, "");
if(sss[0] == "expo") // no longer supported
continue;
else if(sss[0] == "csn") // user pref stylesheets no longer supported
continue;
}

SetSubCookie("ePortfolio_prefs", sss[0], sss[1]);
SetCookiePath("ePortfolio_prefs", "/");

if(sss[0] == "view")
ret = Number(sss[1]);

// SET TIMEZONE VALUE.
if(sss[0] == "zone")
SessionObj.TimeZone = Number(sss[1]);
}

return ret;
}


// FUNCTION WHICH LOGS OFF THE CURRENT USER
function LogoffUser()
{
try
{
// RELEASE THE LOGON TOKEN
var iStore = GetSession("IStore");
var ltm = iStore.EnterpriseSession.LogonTokenMgr;

var logontoken = GetCookie("ePortfolio_logontoken");
if(logontoken != "")
ltm.ReleaseToken(logontoken);
}
catch(e)
{
// do nothing
}
SetCookie("ePortfolio_logontoken", "");
Session.Contents.RemoveAll();
}

// FUNCTION WHICH LOGS ON A NEW USER
function LogonUser( username, password, apsname, authentication, bSignUp )
{
var logonInfo;
var sm;
var es;
var ltm;
var viewSetting;

// INSTANTIATE INFOSTORE OBJECT FOR SESSION
if(!GetApplication("SessionMgr") || typeof(GetApplication("SessionMgr")) != "object")
{
Application.Lock();
SetApplication("SessionMgr", Server.CreateObject("CrystalEnterprise.SessionMgr"));
Application.Unlock();
}
sm = GetApplication("SessionMgr");

// SET THE SOCKS SERVER IF ANY
sm.SOCKSURI = Request.ServerVariables.Item("WCS_SOCKS_URI");

// LOGON USER
try
{
logonInfo = LogonAndCheckRight(sm, username, password, apsname, authentication);
es = logonInfo.es;
}
catch(e)
{
// IF ATTEMPTING TO LOG ONTO GUEST ACCOUNT FAILS WE DON'T WANT TO DISPLAY ERROR MESSAGE SO JUST SHOW LOGON FORM
if( usr == defaultusr && pwd == defaultpwd && aut == defaultaut )
{
Response.Redirect("logonform.csp?action=logoff");
Response.End();
}
else
{
SetCookies_LogonInfo(usr, aut);
SetSession("ErrMessage", e.description);
Response.Redirect("logonform.csp?action=logonerror");
Response.End();
}
}

// If user has no logon right.
if (null == es)
{
var errMsg = "";
if (bSignUp)
errMsg = L_SIGNUP_NO_LOGON_RIGHT;
else
errMsg = L_NO_LOGON_RIGHT.replace(/%1/g, APP_NAME);
SetSession("ErrMessage", errMsg);
Response.Redirect("logonform.csp?action=norighterror");
Response.End();
}

viewSetting = GetDesktopSettings(es);

// STORE THE INFOSTORE SESSION IN OUR SESSION VARIABLE
var iStore = logonInfo.iStore;
SetSession("IStore", iStore);

onNewSession(iStore);

var favRight = CheckRight(logonInfo.ePortObj, ceEPortfolioRightFavorites);

// IF NOT GUEST LOGON THEN GET USERS DESKTOPSETTINGS
if(iStore.EnterpriseSession.UserInfo.UserId != GUEST_ID )
SetCookies_LogonInfo(username, authentication);

// SET THE LOGON TOKEN MANAGER
ltm = es.LogonTokenMgr;

// WRITE THE LOGONTOKEN TO A COOKIE
SetCookie("ePortfolio_logontoken", ltm.CreateLogonTokenEx("", 480, -1));

// CHECK IF PASSWORD HAS EXPIRED FOR ENTERPRISE AUTHENTICATION ONLY
if( authentication == "secEnterprise" )
{
if( es.UserInfo.PasswordExpiry != 0 )
{
if( iStore.EnterpriseSession.UserInfo.UserId == GUEST_ID )
// REDIRECT TO GUEST VIEW
Response.Redirect(GetGuestPage(false, viewSetting));
else
Response.Redirect(GetPersonalPage(false, viewSetting, favRight));
}
else
{
SetCookies_LogonInfo(usr, aut);
SetSession("ErrMessage", L_PASSWORD_EXPIRED);
Response.Redirect("newpwdform.csp");
}
}
else
Response.Redirect(GetPersonalPage(false, viewSetting, favRight));
}

// ********************************************
// *** GetPersonalPage Function
// *** - returns the URL for the appropriate initial page for the user
// *** - if bUseCookie is true then viewSetting is ignored
// ********************************************
function GetPersonalPage(bUseCookie, viewSetting, favRight)
{
var view;

if(bUseCookie)
view = Number(GetSubCookie("ePortfolio_prefs", "view"));
else
view = viewSetting;

// In CSP, (0 == "") is true. Need the String cast to ensure 0 != "".
if ((view == -1 || String(view) == "") && favRight)
return "available.csp?pageView=subscription";
else if (view == 0 || ((view == -1 || String(view) == "") && !favRight))
return "available.csp?pageView=personal";
else
return "available.csp?pageView=personal&currID=" + view;
}

function GetGuestPage(bUseCookie, viewSetting)
{
var view;
if(bUseCookie)
view = Number(GetSubCookie("ePortfolio_prefs", "view"));
else
view = viewSetting;

if(view == 0 || view == -1)
return "available.csp?pageView=guest";
else
return "available.csp?pageView=guest&currID=" + view;
}
%>

Thanks....



Nuffsaid.
"This Week, We're Stampeding!!
 
Actually, I think you want to post LOGONFORM.CSP, because it is a line like this:
Code:
<a href="javascript:logon();">Log On</a>
that is being executed when the user clicks Log On. It is this piece that you want to automate so the user intervention is unnecessary.

Unfortunately, I don't know the code that will allow the csp to process and auto-execute the function.
 
logon.csp should handle this for you via the LogonAndCheckRight function, without needing to touch logonform.csp. Unfortunately, I can't see anything wrong with Nuffsaid's logon.csp page.

logonform.csp is there to collect user information and pass that on to the session manager. With SSO there is no information to collect, therefore the page is not needed.

Kingfisher
 
You are correct. I was thinking logonform called logon. It does, but logon also calls logonform.

Just below the call to LogonAndCheckRight is a 'catch' statement that results in a redirect to logonform.csp. Would you think, Kingfisher, that this 'catch' is being executed?

There is an 'if' within the 'catch' that could be suppressing the error message that would be displayed on logonform. If you (Nuffsaid) are not seeing one, you might copy the "SetSession("ErrMessage", e.description);" statement from the 'else' branch to the 'if' branch and see what error shows up on logonform.
 
Hi Guys

I tried mdwyer's suggestion and no error message showed up.
I was still presented with the log on screen, clicked log on, sans userid & password, and I was in.

Any other ideas???


Nuffsaid.
"This Week, We're Stampeding!!
 
The 3 redirect(logonform) statements include an "action" parameter that should appear in the URL when the form is displayed. Which is there?
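
The three redirects and their "action" values, as a standalone model (an added example, not part of the original thread and not Crystal Enterprise code). It mirrors the branches of LogonUser() in the posted logon.csp; the function names `logonRedirect` and `diagnose` and the `outcome` values are hypothetical stand-ins.

```javascript
// Values from the DEFAULT GUEST USER LOGON INFORMATION block of the posted file.
const DEFAULTS = { usr: "", pwd: "", aut: "secWindowsNT" };

// Redirect that LogonUser() would issue, or null when logon proceeds.
// `outcome` is a constructed stand-in for what LogonAndCheckRight() did:
//   "ok" | "threw" | "no-right"
function logonRedirect(creds, outcome, errText, bSignUp) {
  if (outcome === "threw") {
    const isDefault = creds.usr === DEFAULTS.usr &&
                      creds.pwd === DEFAULTS.pwd &&
                      creds.aut === DEFAULTS.aut;
    // Default credentials: the failure is swallowed and no ErrMessage is stored.
    if (isDefault) return { url: "logonform.csp?action=logoff", errMessage: null };
    return { url: "logonform.csp?action=logonerror", errMessage: errText };
  }
  if (outcome === "no-right") {
    const msg = bSignUp ? "L_SIGNUP_NO_LOGON_RIGHT" : "L_NO_LOGON_RIGHT";
    return { url: "logonform.csp?action=norighterror", errMessage: msg };
  }
  return null;
}

// Reverse lookup: given the URL shown for the logon form, name the branch behind it.
function diagnose(url) {
  const query = url.includes("?") ? url.slice(url.indexOf("?") + 1) : "";
  const action = new URLSearchParams(query).get("action");
  switch (action) {
    case "logoff":
      return "LogonAndCheckRight threw for the default credentials; error suppressed";
    case "logonerror":
      return "LogonAndCheckRight threw for submitted credentials; ErrMessage set";
    case "norighterror":
      return "logon succeeded but the account has no logon right";
    case null:
      return "no action parameter: not one of LogonUser()'s redirects";
    default:
      return "action not issued by LogonUser(): " + action;
  }
}
```

A form URL with no "action" parameter means logon.csp never ran its redirect, so the form was requested directly.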
 
mdwyer,

Not quite sure what you're after here. Can you elaborate? My users never even get to the launch pad. They are provided a desktop shortcut that puts them right on the log on screen. The following is the link they use for LAN access;


OH MY GOD!! The answer is right in front of my eyes! The file being called should be logon.csp not logonform.csp
DOH!!!

Sometimes just having someone else make you take a second look......

Thanks much!!

Nuffsaid.
"This Week, We're Stampeding!!
 