Single Sign-On Not Working

The SSO may not be working properly for a user.

Problem

Solution

RealPresence Web Suite could not obtain a Kerberos ticket from the domain.

This can happen if the domain is temporarily unavailable. For example, it may occur when the user is connected to the network through VPN or on a laptop with multiple network interfaces that do not include the correct Windows domain.

Check network settings and temporarily disable unused interfaces.

Integrated Windows authentication is not enabled.

In Internet Explorer, click Tools > Internet Options > Advanced. Select Enable Integrated Windows Authentication, click Apply, and restart Internet Explorer.

There is an issue with the Kerberos service account (the RealPresence Web Suite Services Portal user), and RealPresence Web Suite resorts to trying the NT LAN Manager (NTLM).

This occurs if the targeted Service Principal Name (SPN) is not set on the HTTP service account or if there are multiple service accounts with the same SPN.

Set a SPN for the RealPresence Web Suite Services Portal user account in the Enterprise Directory.

The HTTP service account (the RealPresence Web Suite Services Portal user) is disabled.

In Enterprise Directory, check the RealPresence Web Suite Services Portal user account and enable it.

If the user enters credentials into the Network Password dialog box, the browser will continue to submit network credentials using NTLM authentication even after the issue with the user network password has been resolved.

Purge saved passwords. Navigate to Start > Control Panel > User Accounts > Manage User Accounts > Advanced > Manage Passwords and make sure there are no passwords saved for the target site.

The time on the servers is not synchronized.

Synchronize the time on the servers using an NTP server and check the times regularly.