IIS/passagepoint SSO integration Troubleshooting steps

PassagePoint uses IIS windows authentication via NTLM for SSO into PassagePoint

1) Receiving 404, page not found or page not loading at all

a) Disable URL rewrite

double click on URL rewrite

click on the rule, then hit Disable rule

b)  Test IIS by creating a test.txt file

Right click on the passagpoint site, and hit explore 

Using notepad, create a test.txt file with the words "test test test" like this, then save.

Now open a browser on the IIS machine and hit "http://localhost/test.txt"

IIS should return the test.txt page like below. 

 If you are not getting the test page, remove the PassagePoint IIS site and recreate it, and test again until you get the test.txt file

to remove, right click on the site, and hit remove.

2) Receiving a Realm challenge from IIS

a realm challenge Looks like this:

You should be using a FQDN to hit the website, as an IP will prompt IIS's realm challenge.

To avoid this, See KB here:

https://support.stopware.com/portal/en/kb/articles/iis-sso-is-prompting-for-username-password-realm-challenge

see under:

one issue that could be problematic is with DNS if a browser determines it is outside of the "intranet" realm

3)  You make it past IIS, but on passagepoint, you see the login page.

On IIS, make sure you are setting the authentication to "windows authentication", and 

make sure windows authentication is enabled, and everything else is disabled.

In the "ROOT" folder, if you have a file called index.jsp.sso_ad

​

Delete your index.jsp, and rename this index.jsp.sso_ad to index.jsp, then restart your passagepoint service.

How would you rate our customer service?

• Related Articles

• SSO Client authentication with Groups

  See KB article on how to configure Single Sign On (SSO) with PassagePoint Client AD Authentication https://support.stopware.com/portal/en/kb/articles/pasagepoint-client-ad-authentication To configure Single Sign On (SSO) with Groups PassagePoint must ...

• SSO setup with IIS

  Prerequisites 1) This document assumes you've laready setup passagepoint with IIS. if not, pls review here and set up IIS with passagepoint first: https://support.stopware.com/portal/en/kb/articles/iis-setup-with-passagepoint 2) LDAP directory Link ...

• IIS setup with PassagePoint

  PasasgePoint comes default with Apache web server, however passagepoint can leverage IIS as a front end Requirements 1) We module license installed on the passagepoint server With a passagepoint client, log in as the admin user, and do Home > ...

• ID Scanner Troubleshooting Guide

  ID Scanner Troubleshooting Guide If your Drivers’ License / Passport Scanners are disconnecting or going inactive, please follow the steps below to help remedy the issue. NOTE: If you have a QS1000 / Qs2000 For issues please see KB article on ...

• IIS SSO is prompting for username/password realm challenge

  As PassagePoint use NTLM SSO via IIS one issue that could be problematic is with DNS if a browser determines it is outside of the "intranet" realm If the DNS record has a different suffix and is not considered to be part of "Intranet" but instead is ...