Discussion

Forms - Configuration will not complete due to SOAP security error

posted on March 2, 2020

Has anyone ever run into this when configuring Forms and trying to fill out the field "Allow the following groups to sign into Laserfiche Forms"? I can't continue the basic configuration because of it.

I mean I have no access to any SOAP integration code, just what I see in front of me.

System.ServiceModel.Security.SecurityNegotiationException
Message: SOAP security negotiation with 'http://directoryserver:5048/LicenseManager/service' for target 'http://directoryserver:5048/LicenseManager/service' failed. See inner exception for more details.
 

Inner exception: System.ComponentModel.Win32Exception
Message: The Security Support Provider Interface (SSPI) negotiation failed.

0 0
replied on March 2, 2020

Please check what user is running the "Laserfiche Directory Server Service" and make sure the service user's principal name configured in XmlEndpointUtility.exe of Directory Server matches it as well.

0 0
replied on March 3, 2020

The Directory Server Service on the DS server is running as user "Network Service", the default set by the installer. I found the XmlEndpointUtility.exe and entered "Network Service" into the service principal username.

Then I went back to the Forms server and I get the same error trying to enter groups to sign into Forms.

 

 

0 0
replied on March 3, 2020

Check your firewall and make sure ports 5048 & 5049 are open on your LFDS

 

0 0
replied on March 3, 2020

Yup, got that one checked already. The problem isn't with reaching the DS server over port 5048, otherwise we would not get as far as running into this SOAP security error. This is a message from the DS server itself.

0 0
replied on March 9, 2020

I am almost certain that this error will not go away until these steps are done, but I can't find the documentation on how to accomplish this. This is not the same as setting up a web certificate in IIS.

 

When turning on the alternate STS, the configuration utility prompts for a certificate. This certificate does not have to be the same certificate used for IIS SSL bindings. The certificate for the alternative service is used only for validating the WCF connection between the various client applications and the Directory Server service. See the following list of requirements for the certificate:

• The certificate subject name must match the Directory Server host name configured in the Directory Server's Endpoint Configuration Utility (XmlEndpointUtility.exe).

• The certificate must be allowed for server authentication and client authentication purposes (i.e., have the Server Authentication and Client Authentication application policies).

• The certificate must have a private key.

• The Directory Server service user must have Read access to the private key.

• The certificate must be able to pass chain trust validation (i.e., the issuer chain list must contain at least one issuer in the machine's root trusted store.).

0 0
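The certificate requirements quoted in the reply above can be checked from PowerShell on the Directory Server machine. This is an added example, not part of the original thread and not Laserfiche tooling; the thumbprint is a placeholder, and it assumes the certificate sits in the LocalMachine\My store with an RSA key and that the service runs as Network Service, as stated earlier in the thread.

```powershell
# Added example. Parameter defaults are assumptions; replace the placeholder thumbprint.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT>',          # placeholder, not from the thread
    [string]$HostName   = 'directoryserver',            # host name set in XmlEndpointUtility.exe
    [string]$Account    = 'NT AUTHORITY\NETWORK SERVICE' # Directory Server service user
)
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# 1. Subject name must match the configured Directory Server host name.
$nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$subjectOk = $cert.GetNameInfo($nameType, $false) -eq $HostName

# 2. Server Authentication and Client Authentication application policies.
$eku  = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$oids = @()
if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
$ekuOk = ($oids -contains '1.3.6.1.5.5.7.3.1') -and ($oids -contains '1.3.6.1.5.5.7.3.2')

# 3 and 4. Private key present, and the service user has an explicit Read ACE on the key file.
# Rights granted only through group membership are not detected by this check.
$readOk = $false
if ($cert.HasPrivateKey) {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    } else {
        $name    = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$name"
    }
    $read   = [System.Security.AccessControl.FileSystemRights]::Read
    $readOk = [bool]((Get-Acl $keyFile).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read })
}

# 5. Chain must build to an issuer in the machine's trusted root store.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    SubjectMatchesHost  = $subjectOk
    ServerAndClientAuth = $ekuOk
    HasPrivateKey       = $cert.HasPrivateKey
    ServiceUserCanRead  = $readOk
    ChainTrusted        = $chainOk
    ChainStatus         = ($chain.ChainStatus.Status -join ', ')
}
```

Run it from an elevated prompt; any property that comes back False points at the requirement the certificate does not meet.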
replied on July 21, 2022

Hey Chad,

Did the above steps resolve the issue?

Thanks,

Jeff Curtis

0 0