I am in St. Louis, MO this week attending a Microsoft Office SharePoint Server 2007 Technology Specialist bootcamp. One of the topics that I had hoped would be covered in some detail is Single Sign-On (SSO), which has caused me a great deal of frustration in our SharePoint Portal Server 2003 implementation at work. Unfortunately, SSO was barely mentioned in today’s session. You gotta love Microsoft Official Course material!
During our lunch break I stayed in the classroom and attempted to configure SSO on the virtual PC used for my class labs. By the way, no lab in the curriculum dealt with SSO. I received the same error that I have received previously in SPS 2003 – "You do not have permission to perform the operation." I was logged in with a Domain Admin account which, by the way, I had used to install MOSS – what more permissions should I need!!
I did a quick search of the error on the Internet and came across a blog, Grossmann IT GmbH, created by Frank Grossmann, which offered a solution. The GUI in SharePoint Central Administration says, "In the Account name box, type the name of the group or user account that can set up and manage the single sign-on service. This account must be a member of the same domain to which the single sign-on service account belongs." If you do this, you receive the permissions error. Frank’s solution is to use the service account you created for the Microsoft SSO service to log on to the machine (which normally is not recommended), access the SharePoint Central Administration website and enter the account.
I tried this method and was able to create the Single Sign-On Administrator account successfully. This is as far as I have gotten with SSO configuration and Microsoft Office SharePoint 2007 but will post the final results soon (hopefully).
Posted by Jim Doyle 