Topic
  • 5 replies
  • Latest Post - ‏2016-05-30T05:12:36Z by skarn
ValkyrieF6
ValkyrieF6
11 Posts

Pinned topic SSO Bypass for ICN

‏2013-04-23T16:43:13Z |

Is there a way to bypass SSO for testing purposes if an ICN instances is configured with it.

We would like to log on as various users in order to validate workflows, etc.

 

Thank you!

 

 

  • damorris
    damorris
    825 Posts
    ACCEPTED ANSWER

    Re: SSO Bypass for ICN

    ‏2013-04-26T15:32:08Z  

    Since this is really managed by WAS I don't know of any way you can bypass it.  I'm going to guess you're using Kerberos in which case you'd have to login to the OS as a different user.

  • djc664
    djc664
    23 Posts
    ACCEPTED ANSWER

    Re: SSO Bypass for ICN

    ‏2013-04-27T17:11:14Z  

    Thanks Dana, that's pretty much what I thought.  We'll probably set up a few VMs for various users and just switch between those.

    For those unaware, WPXT had a "ContainerLogin.jsp" page you could reference and bypass SSO with entered credentials. ICN does not have this (yet?). If you're limited (or prefer) to test on one windows machine, this may help:

    You can utilize the runas command in windows to launch the browser (or office product for CNMO testing) with whatever credentials you want. Because they will run in their own profiles, it will let you run them at the same time. More on this here: http://technet.microsoft.com/en-us/library/cc781769(v=ws.10).aspx

    For example, I test IE8 and IE9 with the following shortcut (32bit IE on win 7 64bit OS shown; remove (x86) for 32bit OS):

    Target = C:\Windows\system32\runas.exe /user:DOMAIN\USERLOGIN "C:\Program Files (x86)\Internat Explorer\IEXPORERE.exe"

    When you run the shortcut, it will bring up a command prompt asking for the password. Check the link above for more information about adding the password if you like. I prefer to see the prompt for what user I'm bringing up, as copied shortcuts can lead to confusion.

    Fine Print:

    I've gotten Firefox to use this as well, but Chrome tends to be problematic... I'd be interested in any experience you have with either. I can really only speak for the IE experience. Once you've made the shortcuts, it's actually pretty fast and easy to jump between a ton. I rotate about eight credentials to span roles from full admin to guest-only.

    You can just change the path in the example from IE to any program you like, such as Word or Excel. Note that CNMO cannot have more than one set of credentials active at one time - that's a limitation of the Microsoft Add-in, As long as you pay attention to which credential set you're using at any given time, it will function without having to log in and out of the machine. If you make a mistake, it will only turn the add-on to "inactive" though... manually activate again and you're back on track. So you can open any number of instances of Word, Power Point, & Excel under one user account this way, but if you open any office product with a DIFFERENT user before closing ALL of the other instances... inactive!

    Watch your CPU/RAM if you open more than two at a time and don't have a beefy test machine.

  • damorris
    damorris
    825 Posts

    Re: SSO Bypass for ICN

    ‏2013-04-26T15:32:08Z  

    Since this is really managed by WAS I don't know of any way you can bypass it.  I'm going to guess you're using Kerberos in which case you'd have to login to the OS as a different user.

  • ValkyrieF6
    ValkyrieF6
    11 Posts

    Re: SSO Bypass for ICN

    ‏2013-04-26T15:42:49Z  
    • damorris
    • ‏2013-04-26T15:32:08Z

    Since this is really managed by WAS I don't know of any way you can bypass it.  I'm going to guess you're using Kerberos in which case you'd have to login to the OS as a different user.

    Thanks Dana, that's pretty much what I thought.  We'll probably set up a few VMs for various users and just switch between those.

  • djc664
    djc664
    23 Posts

    Re: SSO Bypass for ICN

    ‏2013-04-27T17:11:14Z  

    Thanks Dana, that's pretty much what I thought.  We'll probably set up a few VMs for various users and just switch between those.

    For those unaware, WPXT had a "ContainerLogin.jsp" page you could reference and bypass SSO with entered credentials. ICN does not have this (yet?). If you're limited (or prefer) to test on one windows machine, this may help:

    You can utilize the runas command in windows to launch the browser (or office product for CNMO testing) with whatever credentials you want. Because they will run in their own profiles, it will let you run them at the same time. More on this here: http://technet.microsoft.com/en-us/library/cc781769(v=ws.10).aspx

    For example, I test IE8 and IE9 with the following shortcut (32bit IE on win 7 64bit OS shown; remove (x86) for 32bit OS):

    Target = C:\Windows\system32\runas.exe /user:DOMAIN\USERLOGIN "C:\Program Files (x86)\Internat Explorer\IEXPORERE.exe"

    When you run the shortcut, it will bring up a command prompt asking for the password. Check the link above for more information about adding the password if you like. I prefer to see the prompt for what user I'm bringing up, as copied shortcuts can lead to confusion.

    Fine Print:

    I've gotten Firefox to use this as well, but Chrome tends to be problematic... I'd be interested in any experience you have with either. I can really only speak for the IE experience. Once you've made the shortcuts, it's actually pretty fast and easy to jump between a ton. I rotate about eight credentials to span roles from full admin to guest-only.

    You can just change the path in the example from IE to any program you like, such as Word or Excel. Note that CNMO cannot have more than one set of credentials active at one time - that's a limitation of the Microsoft Add-in, As long as you pay attention to which credential set you're using at any given time, it will function without having to log in and out of the machine. If you make a mistake, it will only turn the add-on to "inactive" though... manually activate again and you're back on track. So you can open any number of instances of Word, Power Point, & Excel under one user account this way, but if you open any office product with a DIFFERENT user before closing ALL of the other instances... inactive!

    Watch your CPU/RAM if you open more than two at a time and don't have a beefy test machine.

  • ValkyrieF6
    ValkyrieF6
    11 Posts

    Re: SSO Bypass for ICN

    ‏2013-04-27T23:06:05Z  
    • djc664
    • ‏2013-04-27T17:11:14Z

    For those unaware, WPXT had a "ContainerLogin.jsp" page you could reference and bypass SSO with entered credentials. ICN does not have this (yet?). If you're limited (or prefer) to test on one windows machine, this may help:

    You can utilize the runas command in windows to launch the browser (or office product for CNMO testing) with whatever credentials you want. Because they will run in their own profiles, it will let you run them at the same time. More on this here: http://technet.microsoft.com/en-us/library/cc781769(v=ws.10).aspx

    For example, I test IE8 and IE9 with the following shortcut (32bit IE on win 7 64bit OS shown; remove (x86) for 32bit OS):

    Target = C:\Windows\system32\runas.exe /user:DOMAIN\USERLOGIN "C:\Program Files (x86)\Internat Explorer\IEXPORERE.exe"

    When you run the shortcut, it will bring up a command prompt asking for the password. Check the link above for more information about adding the password if you like. I prefer to see the prompt for what user I'm bringing up, as copied shortcuts can lead to confusion.

    Fine Print:

    I've gotten Firefox to use this as well, but Chrome tends to be problematic... I'd be interested in any experience you have with either. I can really only speak for the IE experience. Once you've made the shortcuts, it's actually pretty fast and easy to jump between a ton. I rotate about eight credentials to span roles from full admin to guest-only.

    You can just change the path in the example from IE to any program you like, such as Word or Excel. Note that CNMO cannot have more than one set of credentials active at one time - that's a limitation of the Microsoft Add-in, As long as you pay attention to which credential set you're using at any given time, it will function without having to log in and out of the machine. If you make a mistake, it will only turn the add-on to "inactive" though... manually activate again and you're back on track. So you can open any number of instances of Word, Power Point, & Excel under one user account this way, but if you open any office product with a DIFFERENT user before closing ALL of the other instances... inactive!

    Watch your CPU/RAM if you open more than two at a time and don't have a beefy test machine.

    Thanks, this works flawlessly! 

  • skarn
    skarn
    1 Post

    Re: SSO Bypass for ICN

    ‏2016-05-30T05:12:36Z  

    Is a way to Bypass ICN been configured in later versions or is it still not supported?

    - Thanks