Windows XP Service Pack 3 causes FileMaker single-sign-on problems

[PamRotella]

Our company-wide workstation upgrade to [color:blue]XP's Service Pack 3 caused problems with FileMaker's single-sign-on (a/k/a external authentication or Active Directory). FileMaker users (and users of one other application here -- I forget the name) were prompted to re-enter their user IDs and passwords as soon as they clicked on a server name to see its contents.

This happens in the "open remote" dialog box, at the point where they click a server to view its files. If they re-enter their network ID and password here (which has already logged them on and is active in the background, for people authenticated by network groups), then FileMaker submits that credential to any file they click. At the time they click to see a server's contents and are prompted for an ID & password, they can enter their NETWORK credentials (if they're authenticated through network groups), or an ID & p/w stored in the FileMaker files as a user account.

If they close the "open remote" window and come back to it, they're again prompted for a user name and password. The hassle for my company is, people have to enter their network ID and p/w again every single time they try to access a FileMaker server. This could be dozens of times a day for some people.

This occurred on FileMaker Server 8.5 with the option on the server checked that restricts users to see only files that they are granted access to. We spent some time troubleshooting the issue, and found that if we instead checked the box allowing users to see ALL files on the server, the extra prompt for a login goes away — but all users can then see (and try to access) ALL of the files on that server! So this is a security issue that our company wants to resolve. (Even though theoretically the users are still locked out of files they have no credentials for, they can still try to get in.)

To clarify, the extra sign-on box appears at the point where users attempt to click on the server name in the "Open Remote" box, before they can even see any files. But from that point forward they're not prompted for each file's password. Instead their network information is apparently submitted for them.

My company decided that this is a FileMaker problem, and had me contact people to see if anyone is coming out with a patch for this. I'd think that Windows would eventually acknowledge the problem and issue a patch, but until then I called FileMaker. FileMaker's answer was that FileMaker as of today only goes up to Service Pack 2, and is NOT certified for Service Pack 3.

If anyone can find a Windows or FileMaker setting/patch that might help, let me know! Until then, I'll post anything helpful I might find as I research it.

:

[Steven H. Blackwell]

FileMaker Server 8 is certified for Service Pack 1, [color:red]not Service Pack 2.

FileMaker Pro 8.5 is good on XP Pro SP 2, but not FileMAker Server on Windows Server 2003.

The dual dialog box is a red herring. It's taking you in the wrong direction. If you have the file filtering (aka database visibility) enabled (the feature that restricts users to seeing only the files here they have credentials to access) then you're supposed to be challenged twice, once for the server and once for the files.

If you are a Windows OS user accessing files on a Windows OS server running FileMaker Server, you should be able to access both the server and the files without further credentials challenge. This si the very essence and definition of SSO (SingleSign On). No other combination of client and server OS will support SSO.

What is happening to you is either that the domain controller isn't passing the authentication to FileMaker Server or that FileMaker Server cannot recognize the authentication token when it is passed. I would say that SP3 is a good candidate for being the culprit here.

Also, be sure that the Group names in the FileMaker Pro files exactly match the Group names in the domain.

If you or someone from your company is coming to the Developer Conference in a few days in Phoenix, track me down and I will review this with you.

Steven

[Tissot]

I still have this problem with Filemaker 10 on Server 10. Could it be that its some other setting? Surely Filemaker fixed it in 10??

[Steven H. Blackwell]

I still have this problem with Filemaker 10 on Server 10. Could it be that its some other setting? Surely Filemaker fixed it in 10??

OS of both Server and of client workstations? I suspect you have not installed the 10.0.1a patch? See the update information link.

Steven