Re: SSO via user tool

[Wixson Carolyn L PSNS]

Title: Re: SSO via user tool

**

Benjamin,

 

We are also CAC enabled. We need to get the mid-tier up for Requesters to submit tickets. Our management does not want them to see a login screen.

 

Can you share your CAC solution?

 

We are currently using:

  ARS ver 5.1.2

  HelpDesk ver 5.6

 

We may be upgrading to ARS ver 6.3 very soon.

 

Any help you can give will be GREATLY appreciated.

Carolyn Wixson 
(360) 476-6197
PSNS & IMF
Remedy ARS Administrator

-----Original Message-----
From: Watson Benjamin A Contr AFWA/XOO [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 10:31
To: arslist@ARSLIST.ORG
Subject: Re: [ARSLIST] SSO via user tool

**

I tend to agree with Scott in that a majority of the solutions I found were "glorified password managers" that would essentially store/encrypt user passwords locally.  The user could then associate a stored password to an application and, upon launching the application, the password manager would supply the data.

 

In our particular shop, we had Remedy set up to authenticate against the network, but that functionality went away when we transitioned to DoD Common Access Cards (CAC) to access the LAN.

 

One of the developers I worked with was clever enough to write his own application to read the credentials from the CAC and use that to authenticate and log into Remedy.  This functionality has been mirrored to the web.  The only "slightly" annoying thing is that you must enter your PIN, but it works.

 

This approach is nice in that smart card login can handle verifying that the credientials on the CAC against a certificate authority when accessing the LAN, which has all been invented before.

 

//SIGNED//
BENJAMIN A WATSON, Contractor, AFWA/XOO
SAIC - Remedy Team
Commercial: (402) 294-8225
DSN: 271-8225
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]

 

---

From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Scott Hammons
Sent: Friday, August 04, 2006 11:44 AM
To: arslist@ARSLIST.ORG
Subject: Re: SSO via user tool

**

I believe Doug may be referring to the built in integration to provide an SSO functionality against an LDAP store.  If this is the case, this is just telling Remedy to use the LDAP store to handle the authentication.  This would then handle the SSO functionality for both the web app and the client.  I could be wrong, but this is my assumption. If Doug could clarify this, it would be helpful in understanding the stated direction for Remedy.

 

Having said that, I just worked with a client who did a major comparison between the leading "SSO" vendors on the market.  All of them could be characterized as "password management with a nomenclature of sso...." Some work better than others, but essentially they are all pitching the same thing. 

 

For a true "SSO" solution, you would have to a have central repository that all applications could reference for authentication information.  LDAP is the closest your going to get to that and not all applications support LDAP integration.  As a matter of fact, most applications handle authentication individually with their own login interfaces.  So the closest thing you have in the marketplace today for SSO is "password management" applications that will allow users to manage their credentials to all their required applications.  To the end user this still provides the "SSO" experience regardless of how it is handled on the backend. 

 

It's good to see this discussion taking place in the ARSList, as this seems to be the hot topic across most industries today.    I'm looking forward to ongoing discussions in this area.

 

Just my .02.

 

Scott

 

 

 

---

From: Action Request System discussion list(ARSList) on behalf of patrick zandi
Sent: Fri 8/4/2006 08:52
To: arslist@ARSLIST.ORG
Subject: Re: SSO via user tool

I was told by Doug.. that there would be Built in Functionality on the
usertool to do this already.. no documentation on it.. but it is
there..
now.. with that said.. I have a ticket in on this and have recieved no
feedback on the latest.. I am planning on following up on this next
week.. I hope.
I know I had issues with the original version of their plugin.. (remedy's)
it worked with a userid and a password.. well we don't do that anymore.. so..
But do not know the latest...

I understood clearly that the same functionality that gives you sso on
mid-tier is built into the client tool so that you can SSO exactly the
same way.. using there plug-in.. they (suppose to anyway) have a
sample with all the code and plug-in stuff into a windows based file..
and once compiled it just works.. so..

The other ones listed here.. I understood to be more of a password
managment with a nomenclature of sso.. which they are not, to include
the one remedy sells.


On 8/4/06, Tyrone Dee <[EMAIL PROTECTED]> wrote:
> Scott - I would be interested in pricing and information.
>
> Thanks!
>
>
>
> -----Original Message-----
> From: Action Request System discussion list(ARSList)
> [mailto:arslist@ARSLIST.ORG] On Behalf Of Scott Hammons
> Sent: August 3, 2006 1:54 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: SSO via user tool
>
> Richard,
>
> As Garron mentioned there is a 3rd Party solution from a company called
> Passlogix that provides this capability.  It is actually not to hard to
> setup and configure for Remedy.   I've deployed the IBM branded version
> against the Remedy Web Interface, the Remedy user tool, and the Remedy alert
> tool.
>
> You can obtain the product from a number of vendors including Passlogix
> directly, BMC (which is OEMing the Passlogix product), or IBM (which is
> OEMing the same product).
>
> While this will resolve the immediate need for providing SSO functionality
> to the Remedy User tool, it will also assist the company as a whole by
> giving them the capability to provide SSO to most web-based, windows based,
> and host based applications beyond Remedy.
>
> Let me know if you want information on pricing because we can resell both
> the Passlogix and IBM versions.
>
> HTH,
>
> Scott
>
> ________________________________
>
> From: Action Request System discussion list(ARSList) on behalf of Richard
> Baird
> Sent: Thu 8/3/2006 11:52
> To: arslist@ARSLIST.ORG
> Subject: SSO via user tool
>
>
>
> Hi Folks......
>
> Does anyone have an SSO solution for the user tool. I've used the ldap plug-
> in(s) a bit, but what the user's want is to log in to their domain account
> on the PC and then not have to log in to remedy. My understanding is that
> using AREA they will still have to log in but the auth is against the
> directory rather than the user form.
>
> After talking to some folks and browsing the ARSList archives, there seem to
> be ways to do this when users are connecting via mid-tier (but not pretty
> ways...;), but what about usertool?
>
> Thanks in advance for any comments/suggestions
>
> Cheers,
>
> Richard
>
> ____________________________________________________________________________
> ___
> UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
> <http://www.wwrug.org/>
>
>
>
> ____________________________________________________________________________
> ___
> UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
>
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
>


--
Patrick Zandi

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

__20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___

__20060125_______________________This posting was submitted with HTML in it___