Search Results

Search found 241 results on 10 pages for 'sso'.

Page 3/10 | < Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >

  • Single Sign On for WebServices, WCS, WFS, WMS (Geoserver), etc.

    - by lajuette
    I'm trying to implement a Single Sign On (SSO) for a web application. Maybe you can help me find a proper solution, give me a direction or tell me, that solutions already exist. The scenario: A GeoExt (ExtJS for geodata/map based apps) webapp (JavaScript only) has a login form to let the user authenticate himself. The authentication is not implemented yet, so i'm flexible with respect to that. After authenticating to the main webapp the user indirectly accesses multiple 3rd-party services like WebServices, GeoServer WFS, Google Maps, etc. These services might require additional authentication like credentials or keys. We are (so far) not talking about additional login screens, just some kind of "machine to machine"-authentication. The main problem: I'm unable to modify the 3rd party services (e.g. Google) to add a SSO mechanism. I'd like to have a solution that allows the user to log in once to have access to all the services required. My first idea was a repository that stores all the required credentials or keys. The user logs in and can retrieve all required information to acces sthe other services. Does anybody know of existing implementations, papers, maybe implementations of such services? Other requirements: The communication between the JS application and the repository must be secure. The credentials must be stored in a secure manner. But the JS app must be able to use them to access the services (no chance to store a decryption key in a JS-app securely, eh? *g).

    Read the article

  • Is it possible to disable/bypass the login popup caused by mod_auth_ntlm_winbind (Single Sign On) an

    - by cvack
    I have an intranet on a remote Web server. This will be integrated with Active Directory on our local server. The web server is running Apache / Linux and the AD server is running Windows 2003. This is all done with VPN. Login to the intranet is conducted in two ways: 1. Users who are logged in to AD to be logged in automatically with SSO. 2. Users who are NOT logged in to AD to be logged in using a common login form. In order to auto login (SSO) I use mod_auth_ntlm_winbind. The problem here is that the users not logged in to AD will get a popup box where they must enter their DOMAIN/username + AD password. If I disable this popup, there is no way to get $_SERVER['REMOTE_USER'] Then my question: Is it possible to turn off this popup box and still get the REMOTE_USER? Or: If possible, can I use AJAX to check if http://my-intranet/auth returns 401 error (non-AD users). If so, do not go to the /auth folder.

    Read the article

  • Passing input hidden params through urllib2 POST request

    - by ramrajedotcom
    I need to make POST request to CAS SSO server login page, and CAS login page has few input hidden params which are dynamically populated through java. I don't know how to read these hidden param values from response and pass in to CAS server. Without passing these hidden params I am not able to login. Does any one how to read input hidden param values from urllib2 response? Thanks in advance!

    Read the article

  • Can I use IIS to do ActiveDirectory single-sign-on for another website?

    - by brofield
    I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS? Update: For example, what I am trying to create is: [CLIENT] [IIS] [AD] [SOAP-SERVER] 1. |---------------->| 2. |<--------------->|<---------->| 3. |--------------------------->| 4. |<---------------------------| 5. |<----------------| 1. POST to http://example.com/foo/bar.cgi 2. Client is not authenticated, so do authentication 3. Once validated, send request to server (X-Remote-User: {userid}) 4. Process request, send response 5. Forward response to client I need to know how to configure IIS to do the automatic authentication of the user using AD, and then to proxy the request to the actual server, sending the userid in the X-Remote-User HTTP header.

    Read the article

  • Single Sign On with adLDAP and apache (xampp 1.7.3)

    - by cvack
    I've successfully managed to connect to my Active Directory if I type in a username and password. To do this I'm using a PHP script called adLDAP. But I want my users to auto sign in if they are signed in on a computer connected to the Active Directory. If I understand things right, I need to use something called Single Sign On (SSO). I've tried searching for a tutorial on how to install this on a apache server running on windows 7, but with no luck. Could someone guide me in the right directions please? :)

    Read the article

  • Where can I get a one-off server of Active Directory for Developing against?

    - by umbrae
    We're not a windows shop, but one of our products is going to need to optionally integrate with Active Directory - things like SSO etc. I'd really rather not go through the rigamarole of setting up a whole server just to develop against it and then leave it hanging around for testing purposes. Is there a simple cloud-based service where I can purchase a server running active directory for a month or two just for development purposes? I looked into Amazon EC2 but it looks like you may still need to go through a significant set up (I may be wrong on this).

    Read the article

  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing j2ee application running on Oracle App Server. It is targeted towards paying customers so the content is secured and a SSO module properly intercepts all requests for secured content. Now the company is adding a unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients. There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), the reload the session information before returning to the user. I can't just persist it under the session id since that's about to change. The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS. Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?

    Read the article

  • Standard Apache (not OHS) with mod_osso for Single Signon

    - by Markos Fragkakis
    The mod_osso.so (the Apache plugin for Single Signon, provided by Oracle) is distributed with the Oracle HTTP Server (OHS), which is essentially a modified Apache. I am trying to use it on the standard Apache HTTP Server, and have not managed to get it to work. Configuration: Apache 2.2.15 OHS from the Oracle Web Tier Tools 11.1.1.2.0 Red Hat Linux 64 bit I have: Included the module in the modules directory (copied from corresponding modules dir in OHS) Included the libraries libiau.so and libclutsh.so.11.1 from Oracle Home. The absence of these libraries produced an error on starting Apache. Produced a osso.conf using the ssoreg.sh tool provided with OID (the LDAP implementation of Oracle) Created the required mod_osso.conf file, which I included in httpd.conf. The error I get when starting Apache is this: # /opt/apache_sso/bin/apachectl -k start httpd: Syntax error on line 1075 of /opt/apache_sso/conf/httpd.conf: Syntax error on line 1 of /opt/apache_sso/conf/mod_osso.conf: Cannot load /opt/apache_sso/modules/mod_osso.so into server: /opt/apache_sso/modules/mod_osso.so: undefined symbol: _audit_authentication_request My mod_osso.conf: # cat /opt/apache_sso/conf/mod_osso.conf LoadModule osso_module modules/mod_osso.so <IfModule mod_osso.c> OssoIdleTimeout off OssoIpCheck on OssoConfigFile conf/osso.conf #Location is the URI you want to protect <Location /myapp> require valid-user #OHS 11g AuthType Osso #OHS 10g AuthType Basic AuthType Osso </Location> </IfModule> Has anyone made mod_osso work on standard Apache HTTP server?

    Read the article

  • josso newbie setup problems - can't use tomcat's manager page

    - by opensas
    I'm trying to setup josso on an apache tomcat server running on windows. I've installed Apache Tomcat/6.0.26 fro zip file to c:\tomcat then installed josso following the documentation at http://www.josso.org/confluence/display/JOSSO1/Quick+Start started tomcat with c:\tomcat\bin\startup.bat, and noticed the following warnings ADVERTENCIA: [SetPropertiesRule]{Server/Service/Engine/Realm} Setting property ' debug' to '1' did not find a matching property. 21/03/2010 15:55:03 org.apache.tomcat.util.digester.SetPropertiesRule begin ADVERTENCIA: [SetPropertiesRule]{Server/Service/Engine/Host/Valve} Setting prope rty 'appName' to 'josso' did not find a matching property. ... ADVERTENCIA: Unable to find required classes (javax.activation.DataHandler and j avax.mail.internet.MimeMultipart). Attachment support is disabled. ... ADVERTENCIA: Bean with key 'josso:type=SSOAuditManager' has been registered as a n MBean but has no exposed attributes or operations ... but then everything seems to work fine, the problem is I can no longer access http://localhost:8080/manager/html using user tomcat /tomcat, as configured in \conf\tomcat-users.xml (before installing josso it worked) I tried with tomcat/tomcatpwd as defined in \lib\josso-credentials.xml and even added tomcat and the manager role to \lib\josso-users.xml, with no luck... Is anybody having the same problem? how can I access tomcat's manager page? Thanks a lot saludos sas This is my config: C:\tomcat\bincatalina version Using CATALINA_BASE: "C:\tomcat" Using CATALINA_HOME: "C:\tomcat" Using CATALINA_TMPDIR: "C:\tomcat\temp" Using JRE_HOME: "c:\java" Using CLASSPATH: "C:\tomcat\bin\bootstrap.jar" Server version: Apache Tomcat/6.0.26 Server built: March 9 2010 1805 Server number: 6.0.26.0 OS Name: Windows XP OS Version: 5.1 Architecture: x86 JVM Version: 1.5.0_22-b03 JVM Vendor: Sun Microsystems Inc ps: moreover, when shutting down, I get a couple of error like this GRAVE: A web application appears to have started a thread named [JOSSOAssertionM onitor] but has failed to stop it. This is very likely to create a memory leak. 21/03/2010 15:57:06 org.apache.catalina.loader.WebappClassLoader clearReferences Threads and then tomcat's shutdown freezes at 21/03/2010 15:57:07 org.apache.coyote.ajp.AjpAprProtocol destroy INFO: Parando Coyote AJP/1.3 en ajp-8009 ps: sorry for this lengthy question...

    Read the article

  • How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java applic

    - by Touko
    I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java-programatic-way-to-determine-current-windows-user I can get the name of the current Windows user but can I rely to that? I think the System.getProperty("user.name") won't be secure enough? ("user.name" seems to be got from environment variables, so I can't rely on that, I think?) Question http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux provides me the authentication for given name+pass but I'd like to authenticate based on the Windows logon? For the Active Directory access, the LDAP would probably be the choise? I'm not totally sure if I'm asking the right questions but hopefully somebody has some ideas to forward me on.

    Read the article

  • Single Sign on- From our customer's Active Directory

    - by jbarker7
    We have an ASP.NET MVC website that a customer is requesting Active Directory single sign on. My thought is that we will need something behind their firewall in order to send encrypted credentials or a user's ID over to our server... any best practices or products that do this would be extremely helpful! Thanks! jbarker7

    Read the article

  • How do I use a ListProperty(users.user) in a djangoforms.ModelForm on Google AppEngine?

    - by Gabriel
    I have been looking around a bit for info on how to do this. Essentially I have a Model: class SharableUserAsset(db.Model): name = StringProperty() users = ListProperty(users.User) My questions are: What is the best way to associate users to this value where they are not authenticated, visa vi invite from contacts list etc.? Is there a reasonable way to present a list control easily in a djangoforms.ModelForm? Once a user logs in I want to be able to check if that user is in the list for any number of SharableUserAsset class "records", how do I do that? Does user evaluate as a match to an email address or is there a way to look up a valid user against an email address?

    Read the article

  • Using JBoss Web SingleSignOn with JBoss Seam

    - by Pich
    Has anyone successfully used JBoss Web SingleSignOn with JBoss Seam, or know if it is possible? I have two web app:s that I would like to share the same login functionality, ie if you sign into one web app you do not need to sign in again when accessing the other web app. Best regards P

    Read the article

  • Multiple websites, Single sign-on design

    - by Yannis
    Hi all, I have a question. A client I have been doing some work recently has a range of websites with different login mechanisms. He is looking to slowly migrate to a single sign-on mechanism for his websites (all written in asp.net mvc). I am looking at my options here, so here is a list of requirements: 1) It has to be secure (duh) 2) It needs to support extra user properties over and above the usual name, address stuff (such as money or credits for a user) 3) It has to provide a centralized user management web console for his convenience (I understand that this will be a small project on top of whatever design solution I choose to go for) 4) It has to integrate with the existing websites without re-engineering the whole product (I understand that this depends on the current product implementation). 5) It has to deal with emailing the user when he registers (in order for him to activate his account) 6) It has to deal with activating the user when he clicks the activate me link in the email (I understand that 5 and 6 require some form of email templating system to support different emails per application) I was thinking of creating a library working together with forms authentication that exposes whatever methods are required (e.g. login, logout, activate, etc. and a small restful service to implement activation from email, registration processing etc. Taking into account that loads of things have been left out to make this question brief and to the point, does this sound like a good design? But this looks like a very common problem so arent there any existing projects that I could use? Thanks for reading.

    Read the article

  • Does CAS Support Application Level Impersonation?

    - by Rob Wilkerson
    I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

    Read the article

  • Single-Sign-On ASP.NET MVC

    - by Mike
    Hi Guys, We are trying to build a cross-domain single-sign on solution using ASP.NET MVC. Something which works like this: User hits www.test.com [or www.test2.com or www.test3.com or www.testN.com] User clicks widget, login appears User signs into www.example.com from 2) i.e. from widget [x-domain signin] User is now logged in on www.test.com [authenticated from www.example.com] User visits [www.test2.com or www.test3.com or www.testN.com] and is signed in to www.example.com Any existing solutions or tutorials available ?

    Read the article

  • how to implement single sign on for asp.net,mysql websites

    - by kranthi
    Hi, I am using mysql database for my asp.net website.I need to implement to single sign on for multiple instances of my website.Currently to check if a user has logged in I am using a user control which checks for a "loggedin" cookie with single instance of the website.Now I need to extend the logic to achieve single signon for multiple instances of the same site. Could someone please help. Thanks.

    Read the article

  • Update get's stuck unpacking bad package, won't continue without it

    - by Shazzner
    Removing the package from cache, and disabling Recommended Updates in Software Sources gives me an error saying I need to install this package. I've tried to update several times, but it keeps hanging on unpacking the ubuntu-sso-client package. Which forces me to hard-reset to unlock the package manager. I've tried: sudo dpkg --configure -a No errors sudo apt-get upgrade --fix-broken Wants me to reinstall said package, resulting in it hanging Removing the package: sudo rm -f /var/cache/apt/archives/ubuntu-sso-client_1.0.8-0ubuntu1_all.deb Results in the same effect, it re-downloads then hangs I can de-select Recommended Updates but I get error messages when I try to update again: E: The package ubuntu-sso-client needs to be reinstalled, but I can't find an archive for it. Which won't let me continue Finally re-enabling the source, I try to remove ubuntu-sso sudo apt-get remove ubuntu-sso-client It removes a bunch of other packages but complains about the package: dpkg: error processing ubuntu-sso-client (--remove): Package is in a very bad inconsistent state - you should reinstall it before attempting a removal. Reinstalling ubuntu-sso-client hangs :( I'm at my wits end, any ideas? I would be nice to install all the other updates but this one is preventing it.

    Read the article

  • HTTPS request to a specific load-balanced virtual host (using Shibboleth for SSO)?

    - by Gary S. Weaver
    In one environment, we have three servers load balanced that have a single Tomcat instance on each, fronted by two different Apache virtual hosts. Each of those two virtual hosts (served by all three servers) has its own different load balancer. Internally, the first host (we'll call it barfoo) is served by port 443 (HTTPS) with its cert and the second host (we'll call it foobar) is served by port 1443 (HTTPS). When you hit foobar, it goes to the load balancer which is using IP affinity for that host, so you can easily test login/HTTPS on one of the servers serving foobar, but not the others (because you keep getting that server for the lifetime of the LB session, iirc). In addition, each of the servers are using Shibboleth v2 for authN/SSO, using mod_shib (iirc). So, a normal request to foobar hits the LB, is directed to the 3rd server (and will do that from then on for as long as the LB session lasts), then Apache, then to the Shibboleth SP which looks at the request, makes you login via negotiation with the Shibboleth IdP, then you hit Apache again which in turn hits Tomcat, renders, and returns the response. (I'm leaving out some steps there.) We'd like to hit one of the individual servers (foobar-03.acme.org which we'll say has IP 1.2.3.4) via HTTPS (skipping the load balancer), so we at first try putting this in /etc/hosts: 1.2.3.4 foobar.acme.org But since foobar.acme.org is a secondary virtual host running on 1443, it attempts to get barfoo.acme.org rather than foobar.acme.org at port 1443 and see that the cert for barfoo.acme.org is invalid for this case since it doesn't match the request's host, foobar.acme.org. I thought an ssh tunnel might be easy enough, so I tried: ssh -L 7777:foobar-03.acme.org:1443 [email protected] I tried just hitting https://localhost:7777/webappname in a browser, but when the Shibboleth login is over, it again tries to redirect to barfoo.acme.org, which is the default host for 443, and we get into an infinite redirect loop. I then tried setting up an SSH tunnel with privileged port 443 locally going to 443 of foobar-03.acme.org as the hostname for that virtual host: sudo ssh -L 443:foobar-03.acme.org:1443 [email protected] I also edited /etc/hosts to add: 127.0.0.1 foobar.acme.org This finally worked and I was able to get the browser to hit the individual HTTPS host at https://foobar.acme.org/webappname, bypassing the load balancer. This was a bit of a pain and wouldn't work for everyone, due to the requirement to use the local 443 port and ssh to the server. Is there an easier way to browse to and log into an individual host in this case?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >