SSO Problems (OpenInsight 64-bit)
At 08 MAR 2023 08:07:52PM Donald Bakke wrote:
We have an application that was relying upon SSO in OI 9.4 but after upgrading to 10.x this is no longer working.
After using the the "debug record name" feature of CFG_LOGIN, we figured out that OI 10 does not return all of the AD groups that a user is a member of. As a result, the AD group that we have dedicated toward our OI users are not getting identified.
This suggests that OI 10 queries the AD groups differently than OI 9. However, using RevDotNet and .NET’s Directory Services we were able to see all of the AD groups. Thus, it is possible to get the entire list.
We confirmed this is a problem with 10.1 and 10.2.