SSO deploy seems to succeed, what causes the error "The mapping does not exist"?

Topics: Bindings File, Settings Management and SSO
May 12, 2014 at 7:58 PM
I've setup what seems to be a successful deployment of some values to SSO, but when I look them up I cannot find them.
The out-of-the-box SSO Admin tool shows the application, but no values. The MMC SSO Snap-in doesn't even show (of probably find) my application.

I've set: <IncludeSSO>true</IncludeSSO>

The output from the deployment is (regarding the SSO part):
Target DeploySSO:
"E:\SomeFolder\1.0\Deployment\Framework\DeployTools\SSOSettingsFileImport.exe" "MyApp" /settingsFile:"E:\SomeFolder\1.0\Deployment\environmentSettings\Exported_devSettings.xml" /userGroupName:"BizTalk Application Users" /adminGroupName:"BizTalk Server Administrators"
Affiliate application 'MyApp' was created.
Settings file was associated with application 'MyApp' in SSO.
Target CustomSSO:
    Updated SSO config item with name: UserId
    Updated SSO config item with name: Password
    Updated SSO config item with name: ProjectPath
    Updated SSO config item with name: SourceSettingsFile

When I run my application I got this error:
The mapping does not exist. For Config Store applications, the config info has not been set.

So something must be wrong with the deployment.
Do I need to set or specify something else?
May 12, 2014 at 9:36 PM
Edited May 12, 2014 at 9:39 PM
We have set this up like this:
In the first ItemGroup:
This in it's own item group:
    <PropsFromEnvSettings Include="SsoAppUserGroup;SsoAppAdminGroup" />
Where these settings are set for each environemnt in the environment file.

This is all that should be needed.
If we use the "Edit SSO Settings" link in the installed application's start menu folder, it shows all settings we specified in the environment's file.
May 13, 2014 at 2:16 AM
It might be due to a mismatch between the security group names specified in SsoAppUserGroup and SsoAppAdminGroup in the spreadsheet and the actual group names. It looks like you are using "BizTalk Application Users" and "BizTalk Server Administrators" but your settings file is Dev not Local, so are you missing a domain name?

May 13, 2014 at 3:06 PM
Thanks for your quick replies!

@egrootenboer: I have exactly the same, and I can also view the SSO settings using the tool.

@tfabraham: Wouldn't the deployment of SSO fail if the security group names were incorrect? I remember this happening when I deployed to my TEST environment for the first time.
May 13, 2014 at 4:52 PM
Also check if the accounts are in the correct groups for SSO access, might be a mismatch somewhere.
May 13, 2014 at 8:26 PM
On my local dev machine I'm local admin and I deploy from that account, so it seems that can hardly be the cause. Right?

By the way, I tried to deploy with security groups named differently from what is available and then the deployment fails.
For my test environment I have put the domain in front of the groups and that deploys successfully (I forgot this the first time, and deployment failed then with something like invalid account). But still after the successful deployment, the settings aren't really in SSO....
May 13, 2014 at 9:32 PM
Everything that you have said indicates that the Deployment Framework SSO deployment is successful and working as expected. It is normal to see the affiliate application in SSO Admin MMC with only one value. That value contains the settings XML, but you can't see the value with the SSO Admin tool. If the values were not deployed correctly, you could not use the BTDF SSO Settings Editor app to view them -- you said that it works.

Can you describe exactly what code you are using in the app for SSO? The only supported way to access the SSO data is a reference to SSOSettingsFileReader.dll from the Deployment Framework that uses the SSOSettingsFileReader class.

Marked as answer by tfabraham on 5/14/2014 at 7:50 AM
May 14, 2014 at 10:14 AM
Hi Tom,

That last part was the life saver!

My map contained the functoid to read from SSO from the BizTalk Mapper Extensions UtilityPack, and that uses apparently an unsupported method.
I changed that to the Scripting functoid using the SSOSettingsFileReader as external assembly, and it worked right away.

Thanks for your prompt response!
May 14, 2014 at 2:50 PM
No problem, thanks for the update!