Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
New Contributor
Posts: 2
Registered: ‎05-01-2013
My Device: Z10

Single Sign On: BlackBerry Devices without requiring the users to type a user name and password access Intranet

Hello, excuse me, I dont’ very well English,

 

I try activate SSO for  BlackBerry device users to access intranet (http://s1-univ-url.compagy.lan/bes) using BlackBerry devices without requiring the users to type a user name and password each time the access the intranet sites. I configure the BlackBerry MDS connection service to support Integrated Windows authentification.

But  I was able to do for Intranet websites is to just have the domain pre-entered during login, the user has then to enter the password if he has checked to remember the username, but haven't achieved single sign-on. From what I've read this is not possible expect if you follow the other KB article that prompts you to delegate access to a site which in my case is not really applicable since we are talking about many sites (http://docs.blackberry.com/en/admin/deliverables/16661/SSO_for_MDS-CS_1086111_11.jsp).

To just have the domain pre-entered in the authentication popup but the users then have to enter their password everytime.

I tested from computer (Windows 7) in active domain for access to the intranet site (htt://s1-univ-url.compagy.lan/bes) and SSO success (Auto Logon). Why SSO does not work since the blackberry terminal ?

If anyone had better luck with AD authentication I would also be glad to hear it please.

 

Architecture:

 

Active directory (Windows 2003 R2 SP2) forest: Windows 2003 R2.

Adresse IP: 10.0.2.245

Domain: labotest.lan

FQDN: dc-labotest.lan

Service Account: s1-srv

SPN for service account: HTTP/ s1-univ-url.compagy.lan

                                             HTTP/s1-univ-url

DNS record TYPE A:                   s1-univ-url       : 10.0.2.244

 

Web server (Windows 2008 R2, IIS 7)

@ IP: 10.0.2.244

Account Pool application: s1-srv

Integrated Windows® authentication

 

URL : http://s1-univ-url.compagy.lan/bes

Anonymous Authentification : OFF

 

BlackBerry MDS Connection Service

 

Service Account : sso-bes-srv

 

Procedding in active directory

  1. In Microsoft Active Directory, in the Microsoft Active Directory account properties, if the Delegation tab does not display, update the default HOST SPN registrations for the Microsoft Active Directory account sso-bes-srv.
  2. In the Microsoft Active Directory account properties, on the Delegation tab, configure the following settings:
    • trust this user for delegation to specified services only
    • use any authentication protocol
  3. Click Add.
  4. Perform one of the following tasks:
    • If a pool of application servers hosts the intranet site and the pool is running on Microsoft IIS and is located behind a load-balancer, select the user account that

S1-srv

  1. Select two HTTP services type for the user account or application server that you specified. (HTTP/ s1-univ-url.compagy.lan and HTTP/ s1-univ-url)

 

Then I followed the procedure. http://docs.blackberry.com/en/admin/deliverables/16661/SSO_for_MDS-CS_1086111_11.jsp for BlackBerry MDS (URL PATTERNS, rules access…..)

Can you help me please because I Despere

 

thank you in advance

Retired
Posts: 2,372
Registered: ‎07-13-2009
My Device: BlackBerry Z10 smartphone

Re: Single Sign On: BlackBerry Devices without requiring the users to type a user name and password access Intranet

Hello ced666,

 

Please refer to the following regarding single sign on access:

 

Allow devices to have single sign-on access to your organization's network (Page 90) - http://docs.blackberry.com/en/admin/deliverables/48971/BlackBerry_Device_Service_6.2_Administration_...

 

This will only work via the work browser.

 

Thank you.


-FB


 


Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp


Be sure to click Kudos! for those who have helped you.

Click "Accept as a Solution" for posts that have solved your issue(s)!


Contributor
Posts: 10
Registered: ‎10-19-2010
My Device: 9700

Re: Single Sign On: BlackBerry Devices without requiring the users to type a user name and password access Intranet

Is this document still valid?

 

Cant find this document?

 

Thanks