
Question


Error when configuring Forms to use STS

asked on September 8, 2022

We've been trying to configure our LF Forms to use Laserfiche Directory Server for SSO (STS) but are running into the following error when saving/enabling the settings:

 

Cannot find the specified username in the Laserfiche Directory Server site. Please check that the username is in the Directory Server and is a member of a group allowed to sign in to Forms. Also, verify that your Forms server has a valid license file and is registered properly in Laserfiche Directory Server. Finally, ensure that Forms is authorized to view users from all appropriate organizations. [LFF3007-InvalidLFDSCredential]

 

We're running Forms v11 and have STS set up on the same server where it resides (separate from the Directory Server), thus within Forms config, the Directory Server STS URL is pointing to itself, e.g. https://forms-server/lfdssts.  On this server, we've run EndpointUtility.exe contained within Forms\Bin and entered both the FQDN (forms-server itself again) and service user's principal name.

Within Forms Config, in addition to the Forms and STS URL, we've entered the Licensing Site info and added a group that has access to Forms.  Under Laserfiche Forms System Administrator, we entered the username of one of the individuals that's part of the aforementioned group.  When trying to save and enable this Laserfiche Directory Server authentication, we get the above error.

 

It doesn't seem to matter if the Active Directory domain controller is specified or not, and we've tried different ways of entering the user as the System Administrator (e.g. full name, domain\username), but always end up with the same error message.  Thus we cannot move forward and switch Forms to using STS.

Did we miss a step somewhere or make a mistake with some of the configuration?  Any insight or suggestions would be appreciated!


Answer

SELECTED ANSWER
replied on October 10, 2022

You are using a Windows user as the system administrator, right? Can you test with a Laserfiche user instead? Add a test Laserfiche user in Directory Server and add that user to the group.

Also, you can update your Forms server to the latest Forms 11 Update 2. With it, you can configure Forms to allow everyone to access Forms instead of users from allowed groups; with this option, it will not check whether the user specified as system administrator belongs to the allowed groups or not.

replied on October 20, 2022

Adding a Laserfiche user (non-domain) as the Forms System Administrator worked!  I thought we tested that but apparently not.  Thank you for the suggestion!

After we added the Laserfiche user as the Forms System Administrator and successfully enabled STS, we tried disabling that account and it didn't seem to have any negative impact, e.g. other users were still able to log into Forms.  So, this brings up the question of what exactly the Forms System Administrator account is used for? 

replied on October 27, 2022

The Forms System Administrator you configured from the Configuration site will be automatically granted the system admin role, which can log in to the Forms site and perform all kinds of actions. It is supposed to be the first system admin user for the Forms site. If there are other users who have been granted the system admin role as well, it's OK to delete the user used in the Configuration site.

