
Is it possible to Relogin as an External Account


This topic is 4815 days old. Please don't post here. Open a new topic instead.


Is it possible to have a script re-login using an external account? We have SSO working great when the file initially opens, but we would like to allow the user to perform some functions using a local FileMaker account, and then relogin as their AD account without having to close the file and open it again.

Also, when the user is not in the active directory group designated in the external account, is there a way to have FileMaker not ask for a login? We would rather give the user a message that they need to contact the Administrator about being added to the Group. Unfortunately this happens before the file opens so I can't display any message at this point. I tried enabling the guest account hoping it would fall back to that and I could have the open script check for that and show the message, but it still asks for a FileMaker password if the AD account is not in the group.


Yes, to your first question.

No to your second. The account is to authenticate you and allow you to open the file. Your code can only execute if the user is already allowed in the file.

You can however create another file and use the generic "domain users" AD group as the external account. Then capture the user's AD account (with the FM get(accountname) function) and fire off a VBScript to check if that account is part of whatever AD group he should belong to and if not show your message. If the user does belong to the correct AD group your script can then proceed to open the main solution file which will happen without prompting.

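The group check described in the post above, as an added example that is not part of the original thread, written in PowerShell rather than the VBScript the post mentions. It tests the logged-on Windows user's token instead of taking an account name as input. The group name `EXAMPLE\FM_Solution_Users` is a placeholder, and how the launcher file runs the script and reads its exit code is an assumption the thread does not cover.

```powershell
# Added example: pre-flight AD group check for a FileMaker launcher file.
# ASSUMPTION: placeholder group name; use the AD group that is defined as the
# external account in the main solution file.
param(
    [string]$RequiredGroup = 'EXAMPLE\FM_Solution_Users'
)

Add-Type -AssemblyName System.Windows.Forms

function Test-LoggedOnUserInGroup {
    param([Parameter(Mandatory = $true)][string]$GroupName)

    # The logon token is the identity SSO presents to the hosted file, and it
    # already contains nested group memberships resolved at logon time.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    try {
        return $principal.IsInRole($GroupName)
    }
    catch {
        # The group name could not be resolved (typo, domain unreachable):
        # fail closed and treat the user as not a member.
        return $false
    }
}

if (Test-LoggedOnUserInGroup -GroupName $RequiredGroup) {
    exit 0   # member: the launcher can go on to open the main file
}

$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
[void][System.Windows.Forms.MessageBox]::Show(
    "$user is not a member of $RequiredGroup.`nPlease contact the Administrator about being added to the group.",
    'Access not configured',
    [System.Windows.Forms.MessageBoxButtons]::OK,
    [System.Windows.Forms.MessageBoxIcon]::Warning)
exit 1       # not a member: the launcher should stop here
```

This check only decides which message the user sees; access is still enforced by the external account on the main file, so a bypassed or failed script grants nothing. Because the token is built at logon, a user who has just been added to the group must log off and back on before the check (and SSO) sees the new membership.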

Sounds like a plan on the 2nd issue.

For the first one, how do I make it trigger the Single Sign On (i.e. user does not have to enter username and password) when having them Re-Login with the file already open? I tried defining the Re-Login step with the AD group name as the account, but that doesn't work. I have their username stored so I can put that in the script step, but I obviously don't know their password. Can SSO only happen when the file is opened for the first time?


A re-log--by definition--requires an Account Name and Account Password. So, the user must supply these. Single Sign On simply takes the credentials the user has provided when authenticating to the domain and uses them to authenticate to the file.

Since FileMaker Pro 5.5, a Windows client always tries to log in to FileMaker files hosted on a Windows OS FileMaker Server via Single Sign On (SSO) (using the credentials of the currently logged-in user).

Steven


SSO feeds off how the user is logged into the OS. You cannot re-login and have SSO at the same time. The user would have to log out of the OS (thus by definition closing FM), log back onto the OS with different and valid domain credentials and FM would honor those providing that whatever AD groups the user belongs to, at least one is set up as an externally authenticated account.

When you show the user the FM re-login dialog, they do have to provide their AD username and pw.
