LobbyCentral does not interface directly with Active Directory when using Single Sign-On.

It relies on the browser to transmit the identity of the user currently logged in such as MYDOMAIN\USERNAME.   The identity is then searched against LobbyCentral's database.  If a matching record is found, the user is logged in.  Otherwise, the user is taken to the Login page.

To determine what the web server is receiving, you can turn on logging to capture the identity attempts.

  1. On the web server, open c:\program files(x86)\fuhrsoftware\lobbycentral\web\Web.config
  2. Locate the <root> node
  3. In the child node <level>, change the attribute value from ERROR to DEBUG
  4. Save the file
  5. Ask the user to login via Single Sign-On
  6. On the web server, open c:\program files(x86)\fuhr software\lobbycentral\logs\WebApp.log
  7. The log file should contain several lines like this:

    Single-sign on is ENABLED.  Checking windows identity
    Windows User Account found is MYDOMAIN\TESTUSER

  8. Edit the Web.config and change <level> back to ERROR

If the browser is sending the user's old windows identity, try clearing the browser cache and cookies on the user's computer.