A long time ago, I commented that I was surprised that the Enterprise Single Sign-on (ENTSSO) service that came with BizTalk Server 2004 (and SharePoint Portal Server 2003) was so manual: users needed to keep their credentials and mappings updated by hand, and even then using very awkward console applications.

Apparently, however, this was a scenario in mind but, I think, not implemented in the V1 version of ENTSSO that shipped with BizTalk 2004. However, Password Synchronization was added to ENTSSO for version 2.0, which came out with Host Integration Server 2004!

As I understand it, the model around password synchronization is to have adapters hooked into ENTSSO that can notify it when a password change has been made in Active Directory (or another system for which an adapter exists), so that ENTSSO can update the password stored in the Credentials Database (SSODB) and even forward that notification to other systems so that full synchronization can be done. This feature is included in the ENTSSO version of BizTalk Server 2006, by the way, though the stuff necessary to support it has to be installed explicitly.

The way I ran into this information was while researching the ISSOPSAdmin interface of the ENTSSO API in the BizTalk documentation, which is the programmatic interface you can use to configure and manage password synchronization adapters:


namespace Microsoft.EnterpriseSingleSignOn.Interop
{
   [InterfaceType(0)]
   [Guid("C35718F9-C35C-4cd4-8978-2B4CE1792F1B")]
   [CoClass(typeof(SSOPSAdmin))]
   public interface ISSOPSAdmin
   {
      void AssignAdapterToAdapterGroup(string adapterName, string adapterGroupName);
      void AssignApplicationToAdapter(string applicationName, string adapterName);
      void ClearDampingTable();
      void ClearNotificationQueues(string adapterName);
      void GetAdaptersForAdapterGroup(string adapterGroupName, out string[] adapters);
      void GetApplicationsForAdapter(string adapterName, out string[] applications);
      void RemoveAdapterFromAdapterGroup(string adapterName);
      void RemoveApplicationFromAdapter(string applicationName);
      void SetAdapterProperties(string adapterName, IPropertyBag properties);
   }
}


 




You can find out more about ENTSSO and about the password synchronization mechanism in this MSDN WebCast: Enterprise Single Sign-on integrated with Microsoft BizTalk Server 2004 and Microsoft Host Integration Server 2004. It has some good scenarios that show where ENTSSO can be used, as well as some good demos.


Tomas Restrepo

Software developer located in Colombia. Sr. PFE at Microsoft.