Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Setting SSO for 2 Domains

Avatar

Level 2

Hi,

I'm trying to setup a SSO for 2 Domains (different servers & different IP address) in a single livecycle server.

I used SPNEGO in this case and succesfully added both domains as enterprise domain, Kerberos authentication was tested succesfully with SPNEGO enabled.

But SSO only works in the domain the livecycle server resides.

Lets say Livecycle server is in DOMAIN A, all ther users in DOMAIN A can access to livecycle via SSO.

But SSO is not working for users in DOMAIN B.

When refer to the log, the error is:-

None of the available AuthProviders could authenticate the user

I refer back to the guide http://help.adobe.com/en_US/livecycle/9.0/adminHelp/admin.htm?content=000049.html, and notice it stated the following:-

  • 1. Decide which domain to use to enable SSO. The LiveCycle ES2 server and the users must be part of the same Windows domain or trusted domain.
  • So, this means that it is not possible for another domain to setup SSO?

    Any help?

    Thanks.

    Lionel

    3 Replies

    Avatar

    Level 2

    Miss out one thing,

    The environment is for  Livecycle Rights Management SSO.

    Thanks.

    Avatar

    Level 8

    This is following the AD model, without the trust between the two domains

    you can't access the cross domain resources.  If LC is

    associated to Domain A it doesn't have the ability to validate the token.

    Avatar

    Level 2

    Hi Tundra,

    If Domain B is a child domain of Domain A and both are in a trust relationship.

    E.g:-

    Domain A : compdomain.com

    Domain B : childA.compdomain.com

    Is it workable?

    and i found an document http://www.adobe.com/support/livecycle/ts/documents/kb408491/Kerberos.pdf which stated an issue in ES 8.2.1 that kerberos authentication may fail between multiple domain for rights management. Does this apply to LC ES2's rights management?

    Thanks for the reply.