Hi All,
How do you update the LFDSSTS URL for the thick client? I can't find where it's set?
Cheers!
Chris
The default STS url can be overridden with a registry value on the Laserfiche client machine:
HKEY_CURRENT_USER\Software\Laserfiche\Client8\Profile\{repositoryName}Settings\LFDSSTSUrl
e.g.
HKEY_CURRENT_USER\Software\Laserfiche\Client8\Profile\MyRepositoryNameSettings\LFDSSTSUrl
and
HKEY_CURRENT_USER\Software\Laserfiche\Client8\Profile\Settings\LFDSSTSUrl
Hi Robert,
Thanks for the update, although maybe I'm not explaining this very well.
So I have a brand new machine, I install Laserfiche on it and launch the LF windows client for the first time, I click attach and enter the server name and repository name and click attach, I then get the logon box as shown in the original post with the LFDSSTS URL populated, no registry keys exist locally at this point as the repository has never been logged into before.
My question is, where is this URL set, server side?
Cheers!
Hi Chris - just in case this is still an issue for you; I had the exact same issue as you (in your original screen-shot) on a local PC (albeit on a machine that had an existing LF Office Integration).
Following Robert's advice and manually creating the two Registry Keyson the Client machine (which didn't exist at all, despite the previous installation) resolved the issue and now the LFDS URL is correct and lets me log-in to Office Integration using SAML. Nothing needed changing server-side.
YMMV - but give it a go 👍
For anyone who experiencing this issue i found another work around which may suit your needs. The registry update had too much overhead for us and required updating on each users current profile, e.g if the user logged into another machine, the registry would have to be updated again or URL typed manually upon each login... which requires a lot of administration/support each time a user is setup on a new machine or workstation.
The Windows Clients seems to take the LFDS Server FQDN as its default value. If your LFDS server is domain joined and the default LFDSSTS server URL is for example 'internalLFDSservername.companydomain.com' on the Client, this would generally not resolve external to the company network and require changing. If the public DNS for the server is for example 'auth.companydomain.com' we were able to add another DNS A record to the domain for 'internalLFDSservername' with the same IP as the public record for auth.companydomain.com. This meant any traffic going to the default LFDSSTS address would resolve correctly.
The only downside was the expected certificate errors due to the different domain name. To rectify this we added a URL rewrite on the server to redirect any traffic with the hostname 'internalLFDSservername.companydomain.com' to the correct public address 'auth.companydomain.com'. Alternatively you could add a certificate and binding for the internal name but this works better for us keeping it consistent.
We now require no additional configuration on the Windows Client and it will work on first installation and attachment of the repository profile.
Hi Chris,
The first time you open a document from Laserfiche, the URL is automatically set.
Having searched through my registry, I can't find an explicit mention of LFDSSTS, just what's below.
I've used RED to cover the repository name and BLUE to cover the name of the Repository server.
The Directory Server URL should be the usual LFDSSTS URL for the LFDS server, even if you're using a distributed STS configuration:
This does mean opening a secure port inside your network, not your DMZ.
Hope this helps.
-Ben
Hi Ben,
Thanks this does help post repository attachment, but it must be set somewhere inside LFDS or somewhere else, as this URL is populated during repository attachment (before you've logged in for the first time), I'm hoping to find out where it's set server side.
Cheers!
The server reads it from its license and advertises it to its clients.
Thanks Miruna, and how do you update this URL if it's incorrect?
Bump!
I'm having an issue with this URL also. We have moved to SAML accounts and need all my old AD users to use Directory Server with Thick Client. As I was setting this up, I didn't have a certificate on my server so it was set up as https://Servername/LFDSSTS. I now have a cert and need to modify this URL to match. I already had LDFS show an Error when changing some settings to match the new URL.
So Chris's question is exactly what I need, what license? the LFDS license? LF server license? What would be the process to update this license to ensure it matches the correct URL?
Thanks.