RE: Using the new 4D SSO feature on Windows

2018-03-02 Thread Benedict, Tom via 4D_Tech
Timothy Penner responded to Bob Miller:

> The whole idea with Single Sign On is that the user logs in to the machine,
> and then subsequent systems they use while logged in to the machine will use
> the same login credentials automatically.



That's what I thought, but here (a Fortune 6 company) they are ultra-secure and 
SSO means that while you may have one user name and one password, in 
addition to logging into your workstation or the network (Windows Login) you 
are also required to use it to log in to every application separately. So SSO 
means different things to different people.



Tom

Optum, Inc

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
**
4D Internet Users Group (4D iNUG)
FAQ:  http://lists.4d.com/faqnug.html
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Using the new 4D SSO feature on Windows

2018-03-02 Thread Timothy Penner via 4D_Tech
> In a different view of things (this wouldn't be SSO, but rather, using AD 
> authentication) is there some way that I could present a login screen, accept 
> the user's ID and password, and send it to AD for authentication, receiving 
> back a "Good" or "Bad" reply?

Based on this, I think you want to look at the LDAP set of commands:
http://doc.4d.com/4Dv15/4D/15.5/Overview-of-LDAP-commands.300-3577142.en.html

> I'm also not clear on what 'Current client authentication' does other than 
> get the name of the current Windows user...

Quote: 
http://doc.4d.com/4Dv16R4/4D/16-R4/Current-client-authentication.301-3318031.en.html
"The Current client authentication command asks the Windows Active Directory 
server to authenticate the current client and, if successful, returns the 
Windows login name for this client (session identifier). If the authentication 
failed, an empty string is returned."

> What is the return value of 'Current Client Authentication' and what is it 
> used for?  Why won't this work unless the switch is turned on in 4D Server 
> (since Win32api somehow can return the current user?)

Quote: 
http://doc.4d.com/4Dv16R4/4D/16-R4/Current-client-authentication.301-3318031.en.html
"This command can only be used in the context of an SSO implementation on 
Windows with 4D Server. For more information, please refer to the Single Sign 
On (SSO) on Windows section."




RE: Using the new 4D SSO feature on Windows

2018-03-02 Thread Bob Miller via 4D_Tech
> User A should not be sharing the machine with User B, otherwise, if 
> they are sharing, then SSO should not be used.

OK, I accept that. 

In a different view of things (this wouldn't be SSO, but rather, using AD 
authentication) is there some way that I could present a login screen, accept 
the user's ID and password, and send it to AD for authentication, 
receiving back a "Good" or "Bad" reply?


How about the other question, since we're on a roll:

I'm also not clear on what 'Current client authentication' does other than 
get the name of the current Windows user...


What is the return value of 'Current Client Authentication' and what is it 
used for?  Why won't this work unless the switch is turned on in 4D Server 
(since Win32api somehow can return the current user?)

Thanks,


Bob Miller
Chomerics, a division of Parker Hannifin Corporation


"PLEASE NOTE: The preceding information may be confidential or privileged. It 
only should be used or disseminated for the purpose of conducting business with 
Parker. If you are not an intended recipient, please notify the sender by 
replying to this message and then delete the information from your system. 
Thank you for your cooperation."

RE: Using the new 4D SSO feature on Windows

2018-03-02 Thread Timothy Penner via 4D_Tech
Bob,

The whole idea with Single Sign On is that the user logs in to the machine, and 
then subsequent systems they use while logged in to the machine will use the 
same login credentials automatically.

So with your situation of User A being logged in to the machine, but User B 
wants to use the 4D Application - this shouldn't happen. User A should not be 
sharing the machine with User B, otherwise, if they are sharing, then SSO 
should not be used.

-Tim




Using the new 4D SSO feature on Windows

2018-03-02 Thread Bob Miller via 4D_Tech
Hello,

I'm working on implementing SSO using 4D Server's new feature for that in 
our Windows environment.  I'm working with our corp AD security folks and 
haven't got it to work yet (lots of hoops to jump through), but am trying 
to figure out how it works in the absence of being able to try and test 
it.  Has anyone used it?

I'm not clear on whether, when the SSO option is turned on, the user is 
presented with a login window of some sort.  I'm also not clear on what 
'Current client authentication' does other than get the name of the 
current Windows user, which is something I'm using Win32API for right now. 
Comments, anyone?

A big mystery is how to handle the following scenario:

> User A is logged onto a PC and is authenticated to the domain

> User B wants to log into the 4D application.  I'm not clear whether 4D 
Server will present User B with a login screen where he will have to 
present his AD credentials, or whether it takes User A's credentials from 
the current session?

> If Server uses User A's credentials, how can User B indicate he doesn't 
want to use those and log on to the 4D app with his credentials, without 
changing the login to the machine?

> If server uses User B's credentials to log in, does Current client 
authentication return User A's session information or User B's session 
information?

Thank you,


Bob Miller
Chomerics, a division of Parker Hannifin Corporation

