Enable Single Sign-On in BizTalk App

Some key points

The BizTalk service must run under a domain account; a local account does not work.

In SSO Admin UI:

    Enable tickets in both the server settings and the affiliate application settings.

    Add the affiliate application and define the account mapping (map from the BizTalk service account to the application's user name/password).

In BizTalk Admin MMC:

    Choose Use Single Sign-On and select the right application in the list.

For a receive port, that's enough, but a send port will fail with "Unable to redeem ticket, no ticket exists in the message".

The reason is that the message sent to the send port lacks an SSOTicket property, which EntSSO uses for the mapping.

To solve this, a custom pipeline component is needed to add this property to the message.

    Create a pipeline component:

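    using Microsoft.BizTalk.Component.Interop;
    using Microsoft.BizTalk.Message.Interop;
    using Microsoft.BizTalk.SSOClient.Interop;   // ISSOTicket (Microsoft.BizTalk.Interop.SSOClient.dll)

    [ComponentCategory(CategoryTypes.CATID_PipelineComponent)]
    [ComponentCategory(CategoryTypes.CATID_Any)]
    [System.Runtime.InteropServices.Guid("1B83686C-3F09-421A-A36B-7C7AFBB5F40B")]
    public class SSOTicketAdd : IBaseComponent, Microsoft.BizTalk.Component.Interop.IComponent, IComponentUI
    {
        public IBaseMessage Execute(IPipelineContext pContext, IBaseMessage pInMsg)
        {
            // Issue a ticket for the identity the pipeline runs as (the BizTalk service account).
            ISSOTicket ssoTicket = new ISSOTicket();
            // Write it to the message context as the SSOTicket system property so EntSSO can redeem it.
            pInMsg.Context.Write("SSOTicket", "http://schemas.microsoft.com/BizTalk/2003/system-properties", ssoTicket.IssueTicket(0));
            return pInMsg;
        }

        // IBaseComponent (Name, Version, Description) and IComponentUI (Icon, Validate) members go here.
    }
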
Create a custom send pipeline and put this component in the Encode stage (do not put it in the Assemble/Pre-Assemble stage, because the component does not implement the IAssemblerComponent interface).


