Windows Login Instead of Metastorm BPM Login if Single Sign-On is Also Configured

The information in this article applies to:

Product: Metastorm BPM
Version: 7.x

Issue

Windows Single Sign-On (SSO) is configured on a server. The eSSO\_Web.js and eUser.js scripts are listed first and second, respectively, in the list of authentication SAPs. Single Sign-On works as expected; however, using the normal login URL (e.g. http://webserver/Metastorm) brings up a Windows login screen instead of the Metastorm BPM login screen.

The Metastorm BPM Version 7 Windows Single Sign-On document (dated December 2006) and the Version 7.5 document state the following in section 3.5.5 entitled Set the Authentication Protocol (NTLM / Kerberos):

Change the directory security setting for the Metastorm virtual directory to use IWA only. This can be done using IIS Manager as follows: Open the Web Site Properties and select the Directory Security tab. Then, select the Edit button under Authentication and access control.
The documentation is incorrect. Make sure Enable anonymous access is selected for the Metastorm virtual directory.

BPM

There are no comments yet