LDAP Integrated Authentication does not work

I configured our LDAP authentication on ServiceCenter as per this link below. On that page is a test, I enter a username and password and the test passes 100%.

I created a simple test application. It has only one page, the HomePage. I set the application to be .Net only and set the HomePage to use "Integrated" authentication. I am not signed in on my laptop on the domain where the OutSystems VM is, but the OutSystems VM is in the same domain as the LDAP server (rightfully so, else the test would not have worked). Because I am not yet signed in on that domain on my PC, it asks me for a username and password. I use the same username and password I tested with, but it fails.


I am at my wits' end and do not know why this does not work.

Suggestions will be appreciated.

Which link did you follow? I don’t see it in your post.


Elize -

Thanks! These are good instructions (just wanted to make sure you weren't following some old post from 2011 or something :) ). What kind of failure message are you getting? If you look in the Error Log in Service Center, do you see any errors besides "Invalid Login" (or whatever the default message is...)?


Thanks Justin for taking the time to look into this,

I checked, no error messages, so that makes it very hard to trace the issue. Not even Invalid Login.

I have to confess my knowledge on LDAP and AD authentication is almost nothing.

So I was not sure how OutSystems is handling the authentication to the LDAP Server. It does seem from the documentation that it leaves authentication to the browser on the client to perform, therefore from the domain the client on the user's PC is in. The OutSystems environment and the LDAP Server are on the same domain, and that is a different domain than the one the user's browser is in, and the "Test" on ServiceCenter works because at that point the test is from the OutSystems environment to the LDAP server in the same domain. How does this work?

So you specify a "default" domain in Service Center for the LDAP. When the user tries to authenticate from a different domain, does it take the default domain? I even tried to authenticate specifying the domain prepended to the username; e.g.:


I have not the foggiest how this works. I Googled a lot, but it is not clear what exactly OutSystems does behind the scenes.

On this note I would also like to ask whether it is at all possible with OutSystems to let users using a Web app running on their intranet use Active Directory Single Sign-On; i.e. the user is already signed onto the intranet via AD on the workstation, then when they open the Web App they are automatically logged in and do not need to enter username and password again. Is this even possible in an OutSystems Web App and how can this be achieved?

Also, how to assign OutSystems roles to such users? My client wants to assign roles in the Web App Administrator function to the users and not in AD. I do not see that this is possible unless they supply the AD username and password again in a login, authenticate them via LDAP and then create a local OutSystems User with the same username (if it does not already exist), then log in to OutSystems with this user and assign the roles each time the user logs in, storing the roles assigned in another table. So the User Administrator must create the users with the same Username as in AD already and assign the roles. One can use LDAP to get a list of AD users for the User Administrator to select from.

If anybody has had a similar issue, some advice will be appreciated.

For the first question, yes it is possible.

You need your front-end server to belong to the AD domain, then tick Windows Integrated Authentication.

For the second question, it has also been tackled by the default Users provider espace.

When you log in using an AD credential (whether manual login or through Windows Integrated Authentication), it will create the user in the Users table automatically if the AD username is not found in the Users table.

After that, you can assign roles to that AD user in https://server/Users as usual.

To automatically create/sync all AD users to OutSystems without first logging in to the app, you have to use the Active Directory plugin from Forge, or hack your way with code (or low-code).