Original Question: SharePoint/ProjectWise Web Server Single Sign On Setup by jjussal
I am trying to set up single sign on for SharePoint/Web Parts but I am running into a road block. I have followed the technotes and the implementation guide to set everything up but user permissions aren't carrying through as I would expect.
I set up a delegate user to log on to the web parts expecting that other users who log on to the site will only see the projects/folders they have rights to see but this doesn't seem to be the case. Other users are still able to see everything the delegate user can see which we don't want. The delegate user has been enabled as a delegate user through PW admin, configured them as the delegate user on the Web Servers, and we have added the SharePoint Servers to the trusted server section in the Integration Server's dmskrnl file.
Any help would be appreciated by anyone who might have had some similar issues with this setup.
Verified Answer: RE: SharePoint/ProjectWise Web Server Single Sign On Setup by Ranveer.Basra
***Please make sure you are a ProjectWise Administrator before you are doing this as well a administrator on servers who can make changes***
Open the DMSKRNL.CFG
Under the [Trusted Server] Section add ProjectWise SPSERVER (or name of the SharePoint Server) = <IP address>
Go the [DB] section at the bottom of the file: for the datasource you are goign to use add SSO=1
Type=Microsoft SQL Server
Now make sure you are logged in as a ProjectWise Administrative account: Create a user which is going to be used as the delegated user. Under the Settings Tab --> User Settings --> Expand Administrative and check the 'Enable as delegate user'
On your SharePoint server:
Go to Start --> Programs --> Bentley --> ProjectWise v8XM --> WebParts --> ProjectWise Web Parts Single SignOn Settings and point to the delegated user you just created. Save it and hit OK. On the SharePoint Site open the ProjectWise Navigation WebParts: Check the box for 'Use Windows Credentials (SSO)'
Now make sure the user has a domain account that is logging in to the ProjectWise Data source and has logged on to the his/her computer before they try to access the Web Parts.
On Client(s) Machine:
Under Internert Explorer go to Tools --> Options:
Under the Security Tab --> select Internet --> Click Custom Level:
Scroll down to the User Authentication section and turn on 'Automatic logon with current username and password' Click OK
Click on the Advance TAB scroll down to 'Security' and select 'Enable Integrated Windows Authentication (requires restart)
I usually do a iisreset as well clear the local user cache when testing. You should see the user who is logged on to the local machine and is a user in ProjectWise logged in to the web part via the delegated user.