AnsweredAssumed Answered

External Authentication (SSO) ignored by FM 14 client in some databases

Question asked by jbardwell on Oct 30, 2015
Latest reply on Sep 20, 2016 by jdevans

Product and version

FileMaker Pro Advanced 14 (subversion varies) connecting to database hosted on FMS 14 (subversion varies)

 

OS and version

Windows 8.1 for client and Windows Server 2008 R2 for host. Probably true of other Windows versions as well.

 

Browser and version

NA

 

Description

For some databases found that users are prompted to authenticate with External AD accounts. On the same server, with the same AD Security account in both, new databases created from scratch (nothing in them) prompt users to authenticate while 'legacy' databases, created in pre-14 versions of FM (and hosted on the server when it was upgraded to FMS14), do not prompt users (at least for those tested, and toggling "Allow Credential Manager to save password" ends up also requiring the workaround below).

 

Even though KB says "Single Sign On login has higher priority over Keychain/Credential Manager support." (see Keychain and Windows Credentials Support | FileMaker) it appears in Windows that this may not always be the case.

 

How to replicate

  1. Create new empty solution in FM14
  2. Upload to FMS14
  3. In Security create a valid AD external account that current user has access to
  4. Close the database
  5. Reopen database and user is prompted to authenticate. The expected behavior is that Users with valid AD accounts should not have to enter credentials.

 

Workaround

  • Checking File Options... > Open > "Allow Credential Manager to save password": the FM client uses AD external authentication and progresses without prompting for credentials.

Outcomes