1
votes

We have a few BizTalk 2010 applications. For connecting to Oracle we are using the WCF-OracleDB adapter. I am trying to implement Enterprise SSO for connecting to Oracle. I have configured SSO by creating an affiliate application and assigned it to the pipeline. While running the interface I am getting the error below:

Error details: System.Runtime.InteropServices.COMException (0x80004005): Unable to redeem ticket, no ticket exists in the message.
   at Microsoft.BizTalk.Interop.IBTSTicket.ValidateAndRedeemTicket(Object message, String applicationName, Int32 flags, String& externalUserName)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.ApplyClientCredentials(ClientCredentials clientCredentials, IBaseMessage message)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.CreateChannelFactory[TChannel](IBaseMessage bizTalkMessage)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)

Am I missing anything in the configuration? How can I resolve this error?

2
Are you trying to map the caller from the receive location through to the send port using SSO, or are you trying to use SSO Affiliate to store credentials for BizTalk to use? - Dijkgraaf

2 Answers

3
votes

You need a custom pipeline to attach an SSO ticket to your messages.

Refer to this post:

http://blog.csdn.net/cnzee/article/details/7994243

(disclosure: it's my blog post)

2
votes

Option A: If you are trying to map the caller from the Receive Location through to the Send Port, your host needs to be trusted.

Option B: If you are using SSO Affiliate to store credentials for BizTalk to use, then you need to create the SSO Ticket in the message.

The quickest way to do this is to use the BizTalk Business Rules Engine and use the CreateSSOTicketContextProperty action.

Let me explain why this is necessary. What the SSO Affiliate was intended to be used for is that you had the caller authenticate against the receive location (e.g. a web service), and the credentials of the caller would be passed through to the send port in an SSO Ticket, which would then be mapped using the SSO Affiliate user mapping. This would happen when you mark the Host as Trusted.

Update: A colleague of mine has also said you need to confirm that tickets are enabled on the Affiliate Application in SSO Administration.
