Configuration Settings in SSO – Part 1

This post was copied from Link. I wanted to prevent the risk of losing it.

In order to make the settings in your Excel settings spreadsheet (SettingsFileGenerator.xml) available to your BizTalk application at runtime, they must be deployed into a BizTalk SSO affiliate application. Once deployed into SSO, the settings may be read dynamically at runtime within orchestrations, pipelines, maps and even ESB itineraries. One benefit of deploying your settings into SSO is that they are encrypted at rest, may be easily updated at runtime and are available from anywhere within the BizTalk group.

To deploy configuration settings into SSO, edit your Deployment Framework for BizTalk project file (.btdfproj) as follows:

1. Set the IncludeSSO property to true
The property may be included in any PropertyGroup, but is commonly placed in the first PropertyGroup in the project file.


This will cause an XML settings file (generated from the settings spreadsheet) that is appropriate for the environment to be deployed to the BizTalk SSO database. The SSO affiliate application is named after the value in the ProjectName element in the deployment project file.

2. Ensure that you have a PropsFromEnvSettings ItemGroup containing SsoAppUserGroup and SsoAppAdminGroup

The Deployment Framework for BizTalk needs to know the SSO security group names at runtime in order to deploy into SSO. The PropsFromEnvSettings ItemGroup must contain the setting names SsoAppUserGroup and SsoAppAdminGroup (semicolon separated) in order to import the setting values from the settings spreadsheet into MSBuild properties at runtime. The PropsFromEnvSettings Include attribute may also include any other setting names that you wish to bring over into MSBuild properties.

3. Ensure that the Excel settings spreadsheet contains SsoAppUserGroup and SsoAppAdminGroup settings

The settings spreadsheet (normally SettingsFileGenerator.xml) must contain two settings rows, one named SsoAppUserGroup and the other named SsoAppAdminGroup. The Default Values column normally contains the values BizTalk Application Users and BizTalk Server Administrators, respectively. These defaults are appropriate when you are using BizTalk on a development machine where the BizTalk security groups are local, not domain-based. In the environment-specific columns, you must enter the domain-qualified security group names, such as MYDOMAINBizTalk Server Administrators.

Your spreadsheet should look something like this (you will probably have different environment columns):

If you need runtime configuration with SSO-backed storage without putting the values in the settings file (or at least not for all environments) then consider using the UpdateSSOConfigItem MSBuild task to create or update a particular name-value pair. This can be used in your project file in a Target named CustomSSO, and it can pull values from environment variables established by SetEnvUI or any other MSBuild properties.

Here is an example:

After your application is deployed, you can find your affiliate application in the SSO Config Store using the BizTalk SSO Administration tool. However, you can not view or manipulate the settings with the SSO Administration tool. The Deployment Framework for BizTalk includes its own settings management tool, SSOSettingsEditor.exe, for deploy-time settings management.

Leave a Reply

Your email address will not be published. Required fields are marked *