Single Sign-On Configuration

Jul 29, 2010 at 2:46 AM


Is Single sign-on feature of CCF 2009 is available in CCA? Please let me know the steps to be followed to configure single sign-on in CCA.



Jul 31, 2010 at 2:19 PM

We no longer ship the Microsoft SSO Server with UII\CCA. However the support for doing SSO is still there.

If you look at the quick starts that are part of UII you will see an example of an SSO extension, and a blog post on how to do it is on my to-do list. I will cross link it here when I do it.


Aug 11, 2010 at 1:56 PM

Hi Matt,

Thanks for the help, I followed the following steps that are provided in the Quick Starts for SSO. But the Single sign on is not working.

1. Deployed the WCF service to IIS

2. Added the System.ServiceModel section in Agent Desktop config.

3. Updated the Xml file path for the credentials.xml in the AgentCredentialService’s web.config.

4. Updated the Credential.xml file to contain the agent id and domain of the logged in user.

5. Uncommented the entry for SsoLookupservice in AgentDesktop config.

Please advice if I am missing anything.








Aug 19, 2010 at 12:10 AM

Did you deploy the ESSO Server from BizTalk?
You will need that unless you write your own, 


Aug 25, 2010 at 8:27 AM

Hi Matt,

I  installed ESSO server from Host Integration server 2006. From the SSO Administrator, i have added the application in the affiliate application List and created the mapping.

But Single sign-on does not works.

In CCF, each application have enable single sign-on and we also add the fields used for single sign-on, is there any mechanism in CCA like that.


Please guide us how to configure Single Sign-on in CCA.



Nov 8, 2010 at 11:55 AM

Hi Matt / vish_qs,

I've also used the ESSO component when it was shipped with CCF. From memory it was a matter of just using the SSO client functions to retrieve credentials from the SSO server. This seemed to work fine. Looking at the QuickStarts it appears this example is simply using an XML file to store credentials behind a WCF service, it has no connection to the SSO DB at all. Am I reading this correctly?

Assuming so, I have a couple of question:

From the above discussion, are you suggesting that the best way to provide SSO function is behind a WCF service in this fashion? And that the existing WCF service should then connect to the actual SSO DB?

Also, is there anything that should be read into SSO no longer shipping with CCA. Application automation and SSO seem like a perfect match, so it seems odd that they were separated.





Nov 12, 2010 at 3:22 PM

I need to dub check but I believe the ESSO adapters were put into the UII quickstarts, along with a simple Adapter as well.

The reason we remove the direct ESSO bits when we merged CCF to CRM ( Creating CCA/UII ) was that CRM didn’t package the functionality..  we did leave the feature set in the Shell API, which is exposed as an AIF Service called ISsoLookupService.  There is an example in the UII quickstarts showing how that is wired.

Aside from that you shouldn’t read anything else into it… the intention is to continue to provide that feature set via the ISsoLookupService interface for hosted applications,  and when someone gets some time perhaps write a few examples of using it to talk to an STS..

To be clear.. We are not making any suggestions in the UII samples as to “how’ you should build your SSO provider.  The SimpleSSO example ( the XML file ) is one I wrote a few years back for demo’s, and I used to cover the concepts with students and customers.  We are providing the transport and interface layer inside UII to support SSO in general.

We would suggest using MS ESSO or an STS / ADFS type solution to construct it however we also intended that this should be pretty open-ended to account for unforeseen SSO requirements and such.

Also in CRM 2011 the plan is to support the CRM Claims based Auth for CCA for agent login.. so it will get more interesting there J