Jump to content

Single Sign-On via the Browser

Martin_S

By Martin_S
in FileMaker WebDirect

 Share

This topic is 3023 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Martin_S Enthusiast

Martin_S

Posted
Posted

Hi

Ok, so we have just completed the set up of our test FM13 server and the application is being accessed via webdirect.

I have tested it on Chrome (as our managed image only runs IE8 at present), and I get a login dialog whuich i have to enter my network credentials into. Currently the application is secured by three different Active Directory groups based on the access level of the user, and the users would really like to know if it's possoble for them to not have to sign in?

The third party provider who set this up believed it was possible, but as WebDirect is new, there doesn't seem to be much info available. I've searched the user guides and they all mention SSO with ODBC, but I am pretty sure this doesn't apply here.

Can anyone tell me if what we need is possible, and if so how?

Thanks

Martin

Link to comment
Share on other sites
Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

As Wim said, SSO is not an option here.  What you can do, however, is use the Active Directory credentials. If the system is properly configured, those credentials will be accepted and the user can then access the file.  But the user must enter the credentials at the challenge prompt.

 

This same scenario is true for all other FileMaker client connections, except when both the Server and the Workstation are members of the domain,and both are running Windows OS.

 

If you have further questions, please come back and post them.  We will try to answer them for you.

 

Steven

Link to comment
Share on other sites
  • 1 year later...
Charles Delfs Community Regular

Charles Delfs

Posted
Posted (edited)

Good Day,

I have to tackle this same problem again this week actually ... providing SSO in a WD internal network.

I think there can be two approaches (one of which I have done before):

1 - Use SSOSO (SinglesSign on - Sort Of ) by grabbing the persistantID of the client you can identify them returning much like a cookie. (can use cookies too but more work) then once a user logs in successfully you can save that terminals ID and use it to identify them on return. This will not lock them out if they change their password or their access gets revoked obviously. I currently use this with a public facing WebDirect site where users log in and later return. To the user it looks exactly like a typical PHP cookie system

2 - Access SSO via PHP or similar. This is a bit more complicated but I think can work (i have not done this yet)

  • WebDirect Landing page opens and has a web viewer that accesses PHP page that checks creds via SSO back end and returns "access granted "or "denied" as well as the ID of the user
  • script on the WD home page checks the results of the viewer and depending roles in the user with the correct access privy or not.
  • The PHP would have to be written to be compatible with your SSO system

Let me know your thoughts.

And yes, the landing page of the Webdirect welcome page would be totally locked down. ;)

 

 

Edited by Charles Delfs
Link to comment
Share on other sites
  • 8 months later...

This topic is 3023 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept