Hi Tim,

You have clearly a lot of experience with this, and I have none, so I probably 
shouldn’t have joined the thread. However, I have a long-standing interest in 
SSO and Authentication in general. 

What I’ve found, after working many years for a large enterprise organization 
which has very high information security standards, is that System 
Administrators don’t like custom user access systems and Auditors like them 
even less. What they do like are things like Active Directory and LDAP. So my 
point is that any 4D app in an enterprise environment should use the enterprise 
standard. Now that 4D has the tools to use Active Directory, they should be 
used exclusively, without any custom feature access management buried inside 
the application. System Administrators want to set access privileges in Active 
Directory, not in 4D (and they definitely don’t want to do it both places). 
I’ve never done the work in 4D, so I don’t have any implementation details on 
how this would be done in 4D, but it appears, from the 4D Blog posting, that 
v17R3 can do this.

Having said that, I think there are lots of places where ‘hybrid’ systems like 
the ones you’ve described are appropriate.

BTW, at my previous employer, a Fortune 6 company, the term SSO meant that you 
had one username and password which you had to enter every time you logged into 
an application. That’s not the traditional definition of SSO, and I was annoyed 
every time I had to log in using the “Single Sign On” dialog! So, there seems 
to be a range of definitions for SSO. 

Tom Benedict

> On Jan 9, 2019, at 08:25, Tim Nevels <timnev...@mac.com> wrote:
> 
> On Jan 8, 2019, at 10:36 AM, Tom Benedict <benedic...@comcast.net> wrote:
> 
>> Here’s a link to instructions on how to set up a test Active Directory 
>> instance which might work for your testing. I haven’t tried it yet. 
>> https://auth0.com/docs/connector/test-dc It might help.
>> 
>> As far as switching between 4D Authentication and SSO, I’m thinking that 
>> would be very useful. Even Microsoft SQL Server offers the option of 
>> Authentication via Windows Login (Active Directory) or SQL Server Login at 
>> client login time. The documentation doesn’t mention that kind of support 
>> though. 
>> http://doc.4d.com/4Dv17/4D/17/Single-Sign-On-SSO-on-Windows.300-3743254.en.html
>>  I haven’t verified this.
> 
> Hi Tom,
> 
> It is up to you, the 4D Designer and developer of your application, to do the 
> switching. You must do this via programming code and settings changes you 
> make in the Design environment. 4D’s SSO implementation is just to make the 
> “Current client authentication” command work. That’s it. 
> 
> You say “switching between 4D Authentication and SSO”, but exactly what do 
> you mean? Does “4D Authentication” mean using the built-in 4D User and Groups 
> system and the dialog box that 4D provides when you have assigned a password 
> to the Designer user?
> 
> What do you mean when you say “SSO”? Are you saying you have turned on the 
> “Authentication of user with domain server” checkbox? Because once you turn 
> on that checkbox your database continues to function exactly the same as if 
> it is off. Nothing new happens. 
> 
> If your database shows the 4D User dialog box to allow selecting a user and 
> typing in a password, turning on the “Authentication of user with domain 
> server” checkbox will not change that. The dialog box will still be displayed 
> to users when they try to connect to 4D Server. 
> 
> You must change your database so that it does not display the 4D User login 
> dialog box. You must make that stop appearing by using the “Default user” 
> option.  
> 
> https://doc.4d.com/4Dv17/4D/17/Setting-a-Default-User.300-3743513.en.html
> 
> Then you can write code in your “On Startup” method to call the “Current 
> client authentication” command and do something with the information it 
> returns. You decide via your programming code whether to let the user get 
> into your application or you call “QUIT 4D” and not let them in. 
> 
> Tim
> 
> *****************************************
> Tim Nevels
> Innovative Solutions
> 785-749-3444
> timnev...@mac.com
> *****************************************
> 

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**********************************************************************
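
The startup check Tim describes in the quoted message, sketched as an added example (not code from either poster or from 4D). It assumes the "Default user" option and the "Authentication of user with domain server" checkbox are both set, that the command's two optional parameters receive the domain and the protocol, and that `EXAMPLE` is a placeholder for your own domain name; refusing anything but Kerberos is a policy choice made here, not something the thread requires.

```4d
  // On Startup database method (runs on each 4D client at connection).
  // Added example: fail closed unless the domain server vouches for this client.
C_TEXT($login;$domain;$protocol;$expectedDomain)
C_BOOLEAN($allowed)

  // Placeholder value: replace with the Active Directory domain you trust.
$expectedDomain:="EXAMPLE"

  // Returns the Windows login of the client, or "" when the domain
  // server could not authenticate it. $domain and $protocol are filled
  // in by the command (assumption: protocol is "Kerberos" or "NTLM").
$login:=Current client authentication($domain;$protocol)

  // All three conditions must hold:
  //  - a login came back at all
  //  - it was issued by the domain we expect, not some other domain
  //    or a local machine account
  //  - the stronger protocol was used (policy assumption of this example)
  // Constants stay on the right of "=" because 4D only treats "@" as a
  // wildcard in the right-hand operand, so a returned value cannot
  // widen the match.
$allowed:=($login#"") & ($domain=$expectedDomain) & ($protocol="Kerberos")

If (Not($allowed))
	  // Do not say which condition failed; keep the detail for your own log.
	ALERT("Sign-in through the domain could not be verified. The application will close.")
	QUIT 4D
End if 

  // From here on $login identifies the user. What that user may do is
  // decided by group membership in Active Directory, as argued in the
  // message above; looking up those groups is outside this example.
```

Because the 4D login dialog no longer appears once a default user is set, this check is the only gate in front of the application, so every path that does not positively pass it ends in `QUIT 4D`.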
