Re: Single Sign On and Mid-Tier

2006-10-11 Thread Jason Tuomy
Axton,
We have IIS currently doing a SSO with a custom web application.  Reading 
Remedy's white paper on building the bridge via java and c++, it didn't 
look like it was going to be an easy process to build the code to get the 
credentials from IIS.  If you have any examples or links to follow up on 
this, I would really appreciate it.  Thanks to everyone who wrote back.

Jason

On Tue, 10 Oct 2006 21:28:21 -0400, Axton <[EMAIL PROTECTED]> wrote:

>It all depends on your level of trust for the method of
>authentication.  If you trust that IIS can properly retrieve the
>user's information, then you can write an SSO solution for that
>environment, granted all your target users are in an M$ domain and run
>an M$ OS.
>
>If this is not the case, you will need to find an alternative.
>PKI/Smartcards have been discussed extensively, though I'm not sure if
>a solution has been developed (maybe someone in that arena could share
>what type of infrastructure/software they use for that type of
>authentication, then again, maybe not).
>
>From my observations, SSO solutions typically have a server component
>that resides on the web server.  Certain areas of the web server can
>then be marked as protected, where authentication is required for
>users to access that portion of the site.  The SSO session is
>established the first time a user authenticates to an SSO protected
>site and those credentials persist for all/any access across other
>sites that are protected using the same server side SSO software.  The
>session persistence is accomplished by storing some session
>information on the SSO policy server, and that is
>cross-referenced/authenticated using a client-side cookie.
>
>For some free (some maybe not so free) alternatives:
>http://www.josso.org/
>http://www3.ca.com/solutions/Product.aspx?ID=166
>https://opensso.dev.java.net/
>
>Axton Grams
>
>On 9/25/06, Jason Tuomy <[EMAIL PROTECTED]> wrote:
>> I'm looking to implement a Single Sign On via mid-tier.  I searched the
>> archives but couldn't find any details.  My customer is wanting to be able
>> to point a user to the mid-tier and get them past the authentication
>> without requiring the user to login.
>>
>> This would mean to somehow get their login and password credentials from
>> their windows environment or something and pass it to the mid-tier and set
>> the user directly to where they need to be.
>>
>> I found that there are plenty of SSO software out there that will get some
>> form of this data and put it into some kind of HTTP token that I could
>> then retrieve (via White Paper) and pass to mid-tier.
>>
>> I was wondering if I have to have SSO software or is there some way to do
>> this without purchasing software.  Again, my customer doesn't want to have
>> the user do a login/password process to get to mid-tier.  So, using LDAP
>> doesn't seem to be the right process.  Unless I can retrieve the password
>> and store it locally.
>>
>> Any help would be greatly appreciated.  Thanks.
>> Jason Tuomy
>>
>> ___
>> UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
>>


Re: Single Sign On and Mid-Tier

2006-10-11 Thread patrick zandi

If you already Trust your Client.. because it is forced to be on the
domain and that is fine.. then what you can do instead is to use an
ldap authentication..
that has an escalation that imports all AD customers into Remedy Userform..
at the same time embed a Special password into the userform with it..
(you might want to exclude your licensed customers) and then make the
JSP - as autologin, with a ldap verify, and the embedded Remedy
password.

This is one solution I have seen and tested .. and works.. just not very ..
Huhummm.. Kosher..

On 10/10/06, Keats Kirsch <[EMAIL PROTECTED]> wrote:

If your client doesn't already have a Web SSO solution in place then
they would need to set up one first.  There are free and commercial
products available, but it is a non-trivial exercise.  Once you have
that, you need to configure the mid-tier to forward the SSO credentials
(in 6.x you use a custom Java authenticator class for this.) and
develop a custom AREA plug-in for Remedy to validate them.

We have done this using CA's SiteMinder Web SSO.  Modifying the sample
C++ application was fairly straightforward.

Hope this helps.

Keats

Jason Tuomy wrote:
> I'm looking to implement a Single Sign On via mid-tier.  I searched the
> archives but couldn't find any details.  My customer is wanting to be able
> to point a user to the mid-tier and get them past the authentication
> without requiring the user to login.
>
> This would mean to somehow get their login and password credentials from
> their windows environment or something and pass it to the mid-tier and set
> the user directly to where they need to be.
>
> I found that there are plenty of SSO software out there that will get some
> form of this data and put it into some kind of HTTP token that I could
> then retrieve (via White Paper) and pass to mid-tier.
>
> I was wondering if I have to have SSO software or is there some way to do
> this without purchasing software.  Again, my customer doesn't want to have
> the user do a login/password process to get to mid-tier.  So, using LDAP
> doesn't seem to be the right process.  Unless I can retrieve the password
> and store it locally.
>
> Any help would be greatly appreciated.  Thanks.
> Jason Tuomy
>

--
Patrick Zandi



Re: Single Sign On and Mid-Tier

2006-10-10 Thread Axton

It all depends on your level of trust for the method of
authentication.  If you trust that IIS can properly retrieve the
user's information, then you can write an SSO solution for that
environment, granted all your target users are in an M$ domain and run
an M$ OS.

If this is not the case, you will need to find an alternative.
PKI/Smartcards have been discussed extensively, though I'm not sure if
a solution has been developed (maybe someone in that arena could share
what type of infrastructure/software they use for that type of
authentication, then again, maybe not).


From my observations, SSO solutions typically have a server component
that resides on the web server.  Certain areas of the web server can
then be marked as protected, where authentication is required for
users to access that portion of the site.  The SSO session is
established the first time a user authenticates to an SSO protected
site and those credentials persist for all/any access across other
sites that are protected using the same server side SSO software.  The
session persistence is accomplished by storing some session
information on the SSO policy server, and that is
cross-referenced/authenticated using a client-side cookie.

For some free (some maybe not so free) alternatives:
http://www.josso.org/
http://www3.ca.com/solutions/Product.aspx?ID=166
https://opensso.dev.java.net/

Axton Grams

On 9/25/06, Jason Tuomy <[EMAIL PROTECTED]> wrote:

I'm looking to implement a Single Sign On via mid-tier.  I searched the
archives but couldn't find any details.  My customer is wanting to be able
to point a user to the mid-tier and get them past the authentication
without requiring the user to login.

This would mean to somehow get their login and password credentials from
their windows environment or something and pass it to the mid-tier and set
the user directly to where they need to be.

I found that there are plenty of SSO software out there that will get some
form of this data and put it into some kind of HTTP token that I could
then retrieve (via White Paper) and pass to mid-tier.

I was wondering if I have to have SSO software or is there some way to do
this without purchasing software.  Again, my customer doesn't want to have
the user do a login/password process to get to mid-tier.  So, using LDAP
doesn't seem to be the right process.  Unless I can retrieve the password
and store it locally.

Any help would be greatly appreciated.  Thanks.
Jason Tuomy
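
The session flow described in the message above (the policy server holds the session state and a client-side cookie is cross-referenced on each request to a protected area), sketched as an added example that is not part of the original thread or of any SSO product's code. The class names, the `SSOSESSION` cookie name and the `/sso/login` redirect are assumptions made for illustration.

```python
import secrets
import time

class PolicyServer:
    """Constructed stand-in for the SSO policy server: holds all session state."""

    def __init__(self, idle_timeout=900, clock=time.time):
        self._sessions = {}               # session id -> [user, last_seen]
        self._idle_timeout = idle_timeout
        self._clock = clock

    def login(self, user):
        """Called once, after the user authenticates; returns the cookie value."""
        sid = secrets.token_urlsafe(32)   # opaque and unguessable; carries no identity
        self._sessions[sid] = [user, self._clock()]
        return sid

    def validate(self, cookie):
        """Cross-reference a cookie against stored state; return the user or None."""
        entry = self._sessions.get(cookie or "")
        if entry is None:
            return None
        user, last_seen = entry
        if self._clock() - last_seen > self._idle_timeout:
            del self._sessions[cookie]    # expired: drop the server-side state
            return None
        entry[1] = self._clock()          # sliding idle window
        return user

    def logout(self, cookie):
        self._sessions.pop(cookie, None)  # one logout ends SSO for every site


class ProtectedSite:
    """Web-server component guarding the protected path prefixes of one site."""

    def __init__(self, name, policy, protected_prefixes):
        self.name, self.policy = name, policy
        self.protected = tuple(protected_prefixes)

    def handle(self, path, cookies):
        if not path.startswith(self.protected):
            return 200, "anonymous"
        # The user name comes from the policy server, never from the client.
        user = self.policy.validate(cookies.get("SSOSESSION"))
        if user is None:
            return 302, "/sso/login"
        return 200, user
```

Because the cookie is only a lookup key, a client that sends a user name or any other guessed value in its place is redirected to log in instead of being trusted.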



Re: Single Sign On and Mid-Tier

2006-10-10 Thread Keats Kirsch
If your client doesn't already have a Web SSO solution in place then
they would need to set up one first.  There are free and commercial
products available, but it is a non-trivial exercise.  Once you have
that, you need to configure the mid-tier to forward the SSO credentials
(in 6.x you use a custom Java authenticator class for this.) and
develop a custom AREA plug-in for Remedy to validate them.

We have done this using CA's SiteMinder Web SSO.  Modifying the sample
C++ application was fairly straightforward.

Hope this helps.

Keats

Jason Tuomy wrote:
> I'm looking to implement a Single Sign On via mid-tier.  I searched the
> archives but couldn't find any details.  My customer is wanting to be able
> to point a user to the mid-tier and get them past the authentication
> without requiring the user to login.
>
> This would mean to somehow get their login and password credentials from
> their windows environment or something and pass it to the mid-tier and set
> the user directly to where they need to be.
>
> I found that there are plenty of SSO software out there that will get some
> form of this data and put it into some kind of HTTP token that I could
> then retrieve (via White Paper) and pass to mid-tier.
>
> I was wondering if I have to have SSO software or is there some way to do
> this without purchasing software.  Again, my customer doesn't want to have
> the user do a login/password process to get to mid-tier.  So, using LDAP
> doesn't seem to be the right process.  Unless I can retrieve the password
> and store it locally.
>
> Any help would be greatly appreciated.  Thanks.
> Jason Tuomy
>