Showing results for 
Search instead for 
Did you mean: 

Signle Sign-On different domain


Signle Sign-On different domain


I have a problem with Single Sign-On for a web based application.

The application is hosted on a server that is member of the EU-domain. In the application however users can connect from 2 different domains, the EU and the EXTERNAL domain.

The user log on to the SSL VPN with there EU or EXTRANET domain account and go to the application bookmark, ut I'm unable to configure the SSO for this. When logged on with an EU account no problem, I get the application. When logged on with an EXTERNAL account, I'm getting an login screen (see attachment)

Is it because the server is in the EU domain? How can I force the SSO?

Also added a session recording log file

Kind regards


Re: Single Sign-On different domain


if you authorize against Active Directory with LDAP and the domains are within the same forest, you might try using <userAttr.userPrincipalName> instead of <USERNAME>.

At least for some of our environments this works fine.

Hope this helps ...


Regular Contributor

Re: Signle Sign-On different domain

Above post is a good solution for LDAP auth servers.

On the SA if you have defined an "Active Directory/Native NT" type of authentication server then you may use the variable <USER> in the SSO policy. This variable is of the form "domain\username" (only if the authentication server on SA is a "Active Directory/Native NT" type of authentication server)

If you are neither using LDAP nor AD auth servers then you will have to create two policies (one for each domain) and the policies will have hardcoded domain names. For example EU\<USER> and EXTRANET\<USER>


Re: Signle Sign-On different domain

I enabled "Persistent password caching" in the userrole. With this the user can enter his/her userid & pasword the first time and then save it for the next times.