If you try to configure the SSO (Single Sign-On) in Sharepoint 2007 for TFS 2010, you migh get the dreaded "Insufficient Rights" error.

Configuring the SSO for TFS is not THAT well documented, and you keep finding instructions like "Configure the propper applicaiton domain groups". What the heck that means?

Anyway, the first step is to configure the "Microsoft Single Sign On" service on EVERY Sharepoint frontend server. Change startup to AUTOMATIC, configure a DOMAIN account for that service, make it local administrator, add it to the local WSS_ADMIN_WPG group.

You can use the service account you used for running Sharepoint as it already has most of this configuration, or you can create a brand new account specially for the SSO service. If this Sharepoint server will be your new corporate server, probably want to choose the later.

And lastly, you you try to configure the SSO in the Sharepoint Central Administration and get the error "Insufficient Rights", make sure you are LOGGED IN with the account used for running the SSO service.

Hope that helps,

Andres G Vettori, VMBC, CTO

No Comments