BizTalk Server: Create SSO Bindings Without Joining Active Directory (AD) Domain

Suppose you have a local development environment, perhaps as a virtual machine, but to develop an Enterprise Single Sign-On solution you must connect your machine to the Active Directory. That might not be permitted by company policy. This article describes a way to circumvent this in your local development environment, in order to create bindings that need an SSO Affiliate Application Name.

Scenario

You have a PC which is not a member of an Active Directory (AD) and you must create an FTP send port or receive location that uses an Enterprise Single Sign-On (SSO) Affiliate Application. Some third-party adapters allow you to enter any SSO Affiliate Application Name, but the built-in adapters, such as the FTP adapter, force you to choose from a drop-down list. If your development environment isn't connected to an AD, you cannot create and set up an Affiliate Application, due to account restrictions in the SSO Administration Console, and thus you cannot create an FTP binding with an SSO Affiliate Application.

One solution is of course to develop bindings in some test environment which is connected to the AD, but that's not always possible. And editing the binding file manually requires at least a template for the SSO setting.

This article presents a way to create the application anyway, in order for the BizTalk administration console dialog for the FTP adapter to populate the drop-down list.

Solution

The SSO Affiliate Application's properties, including the name, are stored in the SSODB database in the table [SSOX_ApplicationInfo]. In the BizTalk Administration Console, the configuration dialog for the FTP adapter reads this table for Affiliate Applications to populate its drop-down list.

To be able to create a binding using an SSO Affiliate Application, the only thing needed is to insert one line into this table with your desired Affiliate Application Name, and a few other properties.
Beware that this is not a solution for using SSO at runtime without an Active Directory; it is only the minimum needed to populate the drop-down list in the configuration dialog!

When you have configured your send port or receive location, you can export bindings as you would normally do.

Insert Statement

It cannot be stressed enough that this must not be used in a production environment, and it is definitely not recommended to do this in your UAT/QA environment either. Edit the Affiliate Application Name in the SQL Server insert statement below on line 16, and then run it in your local development environment.

01.USE [SSODB]
02.GO
03.INSERT INTO  [SSODB].[dbo].[SSOX_ApplicationInfo]
04.           ([ai_app_name]
05.           ,[ai_timestamp]
06.           ,[ai_description]
07.           ,[ai_contact_info]
08.           ,[ai_user_group_name]
09.           ,[ai_admin_group_name]
10.           ,[ai_flags]
11.           ,[ai_num_fields]
12.           ,[ai_purge_id]
13.           ,[ai_audit_id]
14.           ,[ai_ticket_timeout])
15.     VALUES
16.           ('templateSSOAffiliateApplicationName'
17.           ,GETDATE()
18.           ,'template description'
19.           ,'template contactinfo'
20.           ,'EXAMPLE\BizTalk Application Users T' -- user group name
21.           ,'EXAMPLE\SSO Administrators T' -- admin group name
22.           ,2162790 -- 0x210066 flags
23.           ,2 -- num fields
24.           ,NEWID() -- <ai_purge_id, uniqueidentifier,>
25.           ,NEWID() -- <ai_audit_id, uniqueidentifier,>
26.           ,0 --default (use system setting) <ai_ticket_timeout, int,>
27.           )
28.GO

Now, open the properties for an FTP send port or an FTP receive location. Click in the SSO Affiliate field. Then, click the drop-down list button. It should now show the SSO Affiliate Application name you just inserted.
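
Once the bindings have been exported, the placeholder row has no further purpose in SSODB. The following T-SQL is an added example, not part of the original article: it removes only the row created by the insert statement above. It assumes the description was left as 'template description', that nothing else was created for this application name, and that `DEV-VM-PLACEHOLDER` (a hypothetical value) is replaced with your development machine's name.

```sql
-- Added example, not from the original article: remove the placeholder row
-- after the bindings have been exported.
USE [SSODB];
GO
DECLARE @appName     nvarchar(256) = N'templateSSOAffiliateApplicationName'; -- name from line 16 of the insert
DECLARE @description nvarchar(256) = N'template description';               -- value from line 18 of the insert
DECLARE @devHost     nvarchar(128) = N'DEV-VM-PLACEHOLDER'; -- hypothetical: your dev machine name
DECLARE @deleted     int;

-- Guard: stop unless this is the named development machine.
IF CAST(SERVERPROPERTY('MachineName') AS nvarchar(128)) <> @devHost
BEGIN
    RAISERROR(N'Not the expected development machine; nothing was changed.', 16, 1);
    RETURN;
END

-- Show every row that carries the application name, for review.
SELECT [ai_app_name], [ai_description], [ai_user_group_name],
       [ai_admin_group_name], [ai_timestamp]
  FROM [dbo].[SSOX_ApplicationInfo]
 WHERE [ai_app_name] = @appName;

BEGIN TRANSACTION;

-- Match on name AND description so that an Affiliate Application created
-- through the SSO tools under the same name is never removed.
DELETE FROM [dbo].[SSOX_ApplicationInfo]
 WHERE [ai_app_name]    = @appName
   AND [ai_description] = @description;
SET @deleted = @@ROWCOUNT;

IF @deleted = 1
    COMMIT TRANSACTION;
ELSE
BEGIN
    -- Zero or several matches means the table is not in the expected state.
    ROLLBACK TRANSACTION;
    RAISERROR(N'Expected exactly 1 placeholder row, matched %d; rolled back.', 16, 1, @deleted);
END
GO
```
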

See also

To browse the AD for accounts and groups for the SSO Affiliate Application users and administrators, without your computer being joined to the AD:
Run Active Directory Management Tools As Another User.

More information on the SSOManage.exe and XML files to create SSO Affiliate Applications and Mappings:
Manage (BizTalk Server Sample).

Another important place to find a huge amount of BizTalk related articles is the TechNet Wiki itself. The best entry point is BizTalk Server Resources on the TechNet Wiki.