Updated Ways to Store Data in BizTalk SSO Store

One of my more popular tools has been the BizTalk SSO Configuration Data Storage Tool.  At the time I built that, there was no easy way to store and manage Single Sign On (SSO) applications that were used purely for secure key/value pair persistence.

Since that time, a few folks (that I know of) have taken my tool and made it better.  You’ll find improvements from Paul Petrov here (with update mentioned here), and most recently by Mark Burch at BizTorque.net.  Mark mentioned in his post that Microsoft had stealthily released a tool that also served the purpose of managing SSO key/values, so I thought I’d give the Microsoft tool a quick whirl.

First off, I downloaded my own SSO tool, which I admittedly haven’t had a need to use for quite some time.  I was thrilled that it worked fine on my new BizTalk 2010 machine.


I created (see above) a new SSO application named SeroterToolApp which holds two values.  I then installed the fancy new Microsoft tool which shows up in the Start Menu under SSO Application Configuration.


When you open the tool, you’ll find a very simple MMC view that has Private SSO Application Configuration as the root in the tree.  Somewhat surprisingly, this tool does NOT show the SSO application I just created above in my own tool.  Microsoft elitists, think my application isn’t good enough for them.


So let’s create an application here and see if my tool sees it.  I right-click that root node in the tree and choose to add an application.  You see that I also get an option to import an application and choosing this prompts me for a “*.sso” file saved on disk.


After adding a new application, I right-clicked the application and chose to rename it.


After renaming it MicrosoftToolApp, I once again right-clicked the application and added a key value pair.  It’s nice that I can create the key and set its value at the same time.


I added one more key/value pair to the application.  Then, when you click the application name in the MMC console, you see all the key/value pairs contained in the application.


Now we saw earlier that the application created within my tool does NOT show up in this Microsoft tool, but what about the other way around?  If I try and retrieve the application created in the Microsoft tool, sure enough, it appears.


For bonus points, I tried to change the value of one of the keys from my tool, and that change is indeed reflected in the Microsoft tool.



So this clearly shows that I am a much better developer than anyone at Microsoft.  Or more likely, it shows that somehow the applications that my tool creates are simply invisible to Microsoft products.  If anyone gets curious and wants to dig around, I’d be somewhat interested in knowing why this is the case.

It’s probably a safe bet moving forward to use the Microsoft tool to securely store key/value pairs in Enterprise Single Sign On.  That said, if using my tool continues to bring joy into your life, than by all means, keep using it!


Author: Richard Seroter

Richard Seroter is Director of Developer Relations and Outbound Product Management at Google Cloud. He’s also an instructor at Pluralsight, a frequent public speaker, the author of multiple books on software design and development, and a former InfoQ.com editor plus former 12-time Microsoft MVP for cloud. As Director of Developer Relations and Outbound Product Management, Richard leads an organization of Google Cloud developer advocates, engineers, platform builders, and outbound product managers that help customers find success in their cloud journey. Richard maintains a regularly updated blog on topics of architecture and solution design and can be found on Twitter as @rseroter.

15 thoughts

  1. Hi Richard, just wanted to point out that we also include a fully integrated settings management solution in the Deployment Framework for BizTalk (http://biztalkdeployment.codeplex.com). The Framework ships with an easy-to-use Excel spreadsheet (based on the Environment Settings Manager on CodePlex) that allows all settings across environments to be managed in one place. Those settings can be auto-deployed into SSO and used to update binding and other XML files. Once the app is deployed and the settings move to SSO, we include a GUI that allows editing of the settings in SSO in real time. For the BizTalk app itself, we include a .NET class library that allows an orchestration or pipeline component to easily pull settings out of SSO. I’m still waiting for your review of the Deployment Framework for BizTalk! 🙂

  2. Hi Richard,

    I’m a long time fan and your SSO tool has been a big help to me in the past. Mark Burch asked me to look into how the list of applications is being stored/managed by the Microsoft SSO MMC snap-in. As you’ve pointed out, your tool happily brings up SSO applications registered by the MMC snapin, but not the other way around. Similarly the MSBuild task (that ships with the MMC snapin) also fails to register SSO applications such that the MMC snapin lists them.

    Luckily the MMC is implemented largly in managed code. Using reflector discovered the following:

    Applications are being queried and listed by the MMC like this:

    public string[] GetApplications()
    string str = string.Format(“Select ai_app_name from SSOX_ApplicationInfo where ai_contact_info='{0}'”, this._bizTalkEmailAddress);
    SqlConnection connection = new SqlConnection();
    connection.ConnectionString = “Data Source=” + this._ssoDBServer + “; Initial Catalog=” + this._ssoDB + “; Integrated Security=SSPI”;


    Checkout the where clause. _bizTalkEmailAddress is being set in the constructor like this:

    this._bizTalkEmailAddress = “BizTalkAdmin@{0}.com”;
    this._bizTalkEmailAddress = string.Format(this._bizTalkEmailAddress, ConfigurationManager.AppSettings[“CompanyName”]);

    The app.config for the SSO MMC snapin gets created at install time, and prompts you for a company name during the install process:

    So the MMC queries SSO applications directly from the SSODB (its location is determined from the registry) as follows:

    Select ai_app_name from SSOX_ApplicationInfo where ai_contact_info=’BizTalkAdmin@FooCompany.com’

    The end.

  3. I imagine there are many incarnations of tools similar to this, I too have written one for this purpose and it doesn’t look massively dissimilar!

    You can though, as I found out after writing my own app, edit config stores through the standard ENTSSO Admin console (in 2006 at least). Albeit not create new ones.

    Under the Affiliate Applications folder you can set the view to include “Config Store”.

    1. I think you can add the App user/Admin as follows;
      Open up SSO Administration
      Select Affiliate Applications
      Select View and Tick Config Store
      Right Click eOrder and select Properties
      Select the Accounts tab
      Click Add below Application Users
      Type your user and click OK
      Right Click Application and select Properties
      Select the Accounts tab
      Click Add below Application Users
      Type your useer and click OK

  4. Thanks for the post…Was wondering why all the old sso entries are not showing up..Went and updated the ai_contact_info=’BizTalkAdmin@FooCompany.com’ in the SSOX_ApplicationInfo table and every thing started showing up …

  5. You are correct that if I use your tool to create an application then Microsoft will not display it but the vice-versa is true. I did notice that if I delete an application using your tool, then microsoft tool does show that. For some reasons, it just does not display applications that are added using your tool.

  6. Hi Richard,
    Thank you for being a great time saver, One thing that is annoying me in your tool, under the manage tab if i add a new property/value in the grid, when i hit save settings, it does not save it. Also if i modify the name of a property, that property disappears after hitting save settings instead of showing the corrected value. Let me know if i am doing something wrong or this is not a normal behaviour ?

  7. Hi Richard,
    In a earlier comment i noted a couple of bugs, I was given this app by someone, and just realized that it has your name on top but its actually Paul Petrov’s version. He improved it but broke it as well. I think you shoudl not recommend that version on your site. BTW, does your version also behave the same way? just curious. Have not downloaded you version since my work firewall is blocking your link 🙂

    1. Hi there,

      It’s been a while since I’ve reviewed this code (although the source code is included in the link that is blocked at work!). I don’t recall that being a problem with my version of the app.

  8. Hi richard,

    I am using this tool from past 4 months.So far i haven’t face any problems.
    But from past 2 days its behaving weird. Every time i open up and edit the values its messing all the values.We are ready to go to QA.But now SSO is headache for us.

    I didn’t find any problem for that.Can you guide me what to do.


Leave a Reply to Richard Seroter Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.