RE: Using the new 4D SSO feature on Windows
Timothy Penner> responded to Bob Miller > >The whole idea with Single Sign On is that the user logs in to the machine, >and then subsequent system >they use while logged in to the machine will use the same login credentials >automatically. That's what I thought, but here (a Fortune 6 company) they are ultra-secure and SSO means that while you may have one user name and one password, but in addition to logging into your workstation or the network (Windows Login) you are also required to use it to log in to every application separately. So SSO means different things to different people. Tom Optum, Inc This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: Using the new 4D SSO feature on Windows
> In a different view of things (this wouldn't be SSO, but rather, using AD > authentication) there some way that I could present a login screen, accept > the user's ID and password, and send it to AD for authentication, receiving > back a "Good" or "Bad" reply? Based on this, I think you want to look at the LDAP set of commands: http://doc.4d.com/4Dv15/4D/15.5/Overview-of-LDAP-commands.300-3577142.en.html > I'm also not clear on what 'Current client authentication' does other than > get the name of the current Windows user... Quote: http://doc.4d.com/4Dv16R4/4D/16-R4/Current-client-authentication.301-3318031.en.html " The Current client authentication command asks the Windows Active Directory server to authenticate the current client and, if successful, returns the Windows login name for this client (session identifier). If the authentication failed, an empty string is returned. " > What is the return value of 'Current Client Authentication' and what is it > used for? Why won't this work unless the switch is turned on in 4D Server > (since Win32api somehow can return the current user?) Quote: http://doc.4d.com/4Dv16R4/4D/16-R4/Current-client-authentication.301-3318031.en.html " This command can only be used in the context of an SSO implementation on Windows with 4D Server. For more information, please refer to the Single Sign On (SSO) on Windows section." ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: Using the new 4D SSO feature on Windows
RE> User A should not be sharing the machine with User B, otherwise, if they are sharing, then SSO should not be used. OK, I accept that. In a different view of things (this wouldn't be SSO, but rather, using AD authentication) there some way that I could present a login screen, accept the user's ID and password, and send it to AD for authentication, receiving back a "Good" or "Bad" reply? How about the other question, since we're on a roll: I'm also not clear on what 'Current client authentication' does other than get the name of the current Windows user... What is the return value of 'Current Client Authentication' and what is it used for? Why won't this work unless the switch is turned on in 4D Server (since Win32api somehow can return the current user?) Thanks, Bob Miller Chomerics, a division of Parker Hannifin Corporation ll "PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation." ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: Using the new 4D SSO feature on Windows
Bob, The whole idea with Single Sign On is that the user logs in to the machine, and then subsequent system they use while logged in to the machine will use the same login credentials automatically. So with your situation of User A being logged in to the machine, but User B wants to use the 4D Application - this shouldn't happen. User A should not be sharing the machine with User B, otherwise, if they are sharing, then SSO should not be used. -Tim ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Using the new 4D SSO feature on Windows
Hello, I'm working on implementing SSO using 4D Server's new feature for that in our Windows environment. I'm working with our corp AD security folks and haven't got it to work yet (lots of hoops to jump through), but am trying to figure out how it works in the absence of being able to try and test it. Has anyone used it? I'm not clear on when the SSO option is turned on, whether the user is presented with a login window of some sort. I'm also not clear on what 'Current client authentication' does other than get the name of the current Windows user, which is something I'm using Win32API for right now. Comments, anyone? A big mystery is how to handle the following scenario: > User A is logged onto a PC and is authenticated to the domain > User B wants to log into the 4D application. I'm not clear whether 4D Server will present User B with a login screen where he will have to present his AD credentials, or whether it takes User A's credentials from the current session? > If Server uses User A's credentials, how can User B indicate he doesn't want to use those and log on to the 4D app with his credentials, without changing the login to the machine? > If server uses User B's credentials to log in, does Current client authentication return User A's session information or User B's session information? Thank you, Bob Miller Chomerics, a division of Parker Hannifin Corporation ll "PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation." ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **