Step by Step: How to configure Workspaces(BridgeIT) to logon with Token Only policy

Version 5

    Verified Product Versions

    LANDESK Service Desk 7.6LANDESK Service Desk 7.7.xLANDESK Service Desk 7.8.xLANDESK Service Desk 2016.xLANDESK Asset Central 2016.xLANDESK Service Desk 2017.x

    Background:

    You may refer below links for detail. This doc is step by step guide on how to configure Workspaces(BridgeIT) to logon with Token Only policy.

    Configuring Workspaces

    Setting the Logon policy

    Setting up users to use integrated or secure token logon

    Integrated logon in Workspaces 2016.3

     

    Environment:

    Server YONG161en has joined a domain called bjsupportdomain:

    Open configurationcenter:

    Now the BridgeIT use Explicit only by default. If you do not want to use it, you may delete it. The example here is I delete the default BridgeIT.

     

     

    Create a new Framework called servicedesk.Framework2.

    Choose Logon Policy: Token only

    The user credential used to login STS should be a Windows Administrator account of the server hosting STS.

    Make sure the Test STS Connection result is Succeeded.

    Check the check box below "Create linked BridgeIT instance".

    Open the new application called BridgeIT and it should look like:

    If you decide to create the bridgeIT manually instead of Check "Create linked BridgeIT instance", you may Create a new BridgeIT application and it should look excactly the same with the automatically generated one.

     

    Open Concole, Set an user called eric_en with Network Logins: bjsupportdomain\administrator

    Login BridgeIT with predefined Network Login credential and Token only policy to confirm it works.

     

    Troubleshooting:

    1. You may not login Workspace with sa if you use token only logon policy. You may get below error:

    "Unauthorized"

    2. Please make sure the STS Authentication looks like below:

    Anonymous Authentication: Disabled

    Windows Authentication: Enabled

    The BridgeIT, Framework, Framework2, WebAccess Authentication should look like below:

    Anonymous Authentication: Enabled

    Windows Authentication: Disabled

     

     

    3. Check the "LogonPolicy" and "StsIssueTokenUrl" in tps.config is correct. They should be located:

    C:\ProgramData\LANDesk\ServiceDesk\servicedesk.Framework2\tps.config

    C:\ProgramData\LANDesk\ServiceDesk\servicedesk.BridgeIT\tps.config

    4. For more detail troubleshooting log you may refer to this doc: Diagnostic logging using Configuration Center