Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

Upgrading from FMP13 to FMP14 does not show "Save Password to..." or accepts SSO

Juan David Gil

By Juan David Gil
in Security Concepts

 Share

This topic is 3125 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Juan David Gil Rookie

Juan David Gil

Posted
Posted

I was using FMP 13 and FMS 13 for most of our work and testing.

However, once we upgraded to FMP 14, our SSO or saving passwords to keychain/other password managers, are no longer show or work.

We are using FMS on a local domain and FMP to access it too.

 

Link to comment
Share on other sites
Juan David Gil Rookie

Juan David Gil

Posted
  • Author
Posted
18 hours ago, Wim Decorte said:

Can you describe your deployment in a bit more detail?  I'm assuming that true SSO (not the kind mimicked by save to keychain/cred mgr) worked before?

 

 

Using a Filemaker Server 14 trial in a Windows 2008 Server R2 environment with Active Directory on another Server.  The Domain is a Windows 2008 server level.

Clients vary from Windows 7 to MacOSX El Capitan to FileMaker 14 Go, but all of them are not showing the save password or with a functional SSO, whilst the FileMaker 13 version do work.

I don't know if I have provided the information you need.

Link to comment
Share on other sites
Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

OK, here are a few points to consider about this.

1. There is no SSO from a Macintosh workstation for FIleMaker Pro under any circumstances.

2.  You can save credentials for Macintosh OS users in the KeyChain, provided in Version 14 that this functionality has not been blocked in the file options for the hosted file. Those credentials can be from Active Directory domain level Accounts provided the FileMaker Server is a member of the domain.

3.  For Windows OS users, you can save Credentials in the Credentials Manager, provided in Version 14 that this functionality has not been blocked in the file options for the hosted file. Those credentials can be from Active Directory domain level Accounts provided the FileMaker Server is a member of the domain.

4.  For Windows OS users, if their workstation allows them to authenticate to the Domain, true SSO will take place.  The users will not be challenged for credentials from the Domain level Accounts.

5.  If, as appears here to be the case, Windows users are challenged for Domain credentials, this is most likely caused by a bug in FileMaker Pro 14. You can work around this by being sure that the option to allow storage of credentials has been enabled in the file itself.

6.  You should also rule out any issues associated by SSL certificates that can block server sites.  That does not appear to be the case here; however, it pays to check.

Now, here is where the mystery starts:  if the file was initially created in an earlier version, when converted to version 14, the allow storage of credentials should be checked.  In a brand new file, first created in Version 14, the option will not be checked.

Checking the option to allow storage will workaround the SSO bug for Windows, and it will also allow the Macintosh users to save credentials in the KeyChain.

Please see attached screen shots.

All this said, I am not a fan of storing credentials in either the KeyChain or the Credentials Manager.

 

Steven

 

CredentialsManager.png

MacOSKeyChain.png

  • Like 1
Link to comment
Share on other sites
Juan David Gil Rookie

Juan David Gil

Posted
  • Author
Posted
2 hours ago, Fitch said:

You may be running into the same thing I did recently:

https://community.filemaker.com/message/545446#545446

 

Thank you.  Steven taught me what I had wrong.

1 hour ago, Steven H. Blackwell said:

OK, here are a few points to consider about this.

1. There is no SSO from a Macintosh workstation for FIleMaker Pro under any circumstances.

2.  You can save credentials for Macintosh OS users in the KeyChain, provided in Version 14 that this functionality has not been blocked in the file options for the hosted file. Those credentials can be from Active Directory domain level Accounts provided the FileMaker Server is a member of the domain.

3.  For Windows OS users, you can save Credentials in the Credentials Manager, provided in Version 14 that this functionality has not been blocked in the file options for the hosted file. Those credentials can be from Active Directory domain level Accounts provided the FileMaker Server is a member of the domain.

4.  For Windows OS users, if their workstation allows them to authenticate to the Domain, true SSO will take place.  The users will not be challenged for credentials from the Domain level Accounts.

5.  If, as appears here to be the case, Windows users are challenged for Domain credentials, this is most likely caused by a bug in FileMaker Pro 14. You can work around this by being sure that the option to allow storage of credentials has been enabled in the file itself.

6.  You should also rule out any issues associated by SSL certificates that can block server sites.  That does not appear to be the case here; however, it pays to check.

Now, here is where the mystery starts:  if the file was initially created in an earlier version, when converted to version 14, the allow storage of credentials should be checked.  In a brand new file, first created in Version 14, the option will not be checked.

Checking the option to allow storage will workaround the SSO bug for Windows, and it will also allow the Macintosh users to save credentials in the KeyChain.

Please see attached screen shots.

All this said, I am not a fan of storing credentials in either the KeyChain or the Credentials Manager.

 

Steven

 

CredentialsManager.png

MacOSKeyChain.png

Thank you so much for your input. This solved the deal.

Link to comment
Share on other sites
Fitch Grand Master

Fitch

Posted
Posted

>>The storage option should not affect Windows SSO at all

That's why I linked to that thread. It may not be intended to affect SSO, and it's not documented as such, but at least a few of us are convinced that it does affect it.

Link to comment
Share on other sites
Fitch Grand Master

Fitch

Posted
Posted

Thanks, Steven. You and I agree it's a bug, but again in the thread I linked our friend Wim thinks not, nor has FMI acknowledged a bug.

It's not a big deal for me right now, I'm OK with the checkbox on, but it was confusing to troubleshoot.

Link to comment
Share on other sites

This topic is 3125 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept