Single Sign On (SSO) works for some CA Service Desk Manager (CA SDM) users, but does not for others
book
Article ID: 38611
calendar_today
Updated On:
Products
CA Service Management - Service Desk ManagerCA Service Desk Manager
Issue/Introduction
After enabling Single Sign-On (SSO) within CA Service Desk Manager (CA SDM), whether through Tomcat (WAFFLE), IIS (IWA) or a different NTLM solution, SSO works for some CA Service Desk users, but for others it does not. It also happens for other CA Service Management solutions e.g. XFlow and CA Unified Self-Service.
Environment
CA Service Management 17.1
Cause
There are two probable causes for this:
Single Sign-On is disabled on the browser level for some users;
The user does not have the right policy on the CA SDM server for SSO to work.
Resolution
Check if the web browser has SSO enabled by checking the web browser security settings: As Chrome uses the Internet Explorer settings, checking Internet Explorer will ensure it is enabled for both Chrome and Internet Explorer.
To check if SSO is enabled in IE, check IE's Security Settings to ensure that the CA Service Desk is added to the Trusted Site list and that the Trusted Site’s security settings allow for “Automatic logon with current user name and password.”
Check the Group Policy on the CA Service Desk server. The User requires the “Access this computer from the network” permissions. This is noted in the Windows NT Challenge/Response section on Microsoft KB 264921.