GEORGL03

Hosting on AWS with External Authentication


Good afternoon everyone,

 

Some backstory:

When FMCloud was first announced, I was ecstatic; I'm all for moving towards cloud technology for my agency. I was nearly there...about to pull the trigger and start a migration scheme from my current setup into the FMCloud, but then the one big caveat was found...

"Supports custom app authentication via FileMaker user accounts only" AKA no External Authentication. But that is fine, I understand it was released for small businesses which need the scalability of AWS, but this DOES NOT work for my agency. I spent half a year moving away from FileMaker user accounts, I can't go back; plus they have a Single Sign-on initiative that I'm trying to meet.

 

But I still need to get off of my old physical towers. So my next idea is that I want to spin up an EC2 in AWS and put FileMaker Server on it as an alternative, but I can't find any verbiage that details how that works (or if it works) in the way that I would like. Namely, I need my AWS server to talk to Active Directory, preferably by ADFS or SAML (lesser so).

 

So the question:

Can I set up External Authentication to an Active Directory from a server being hosted on AWS that is housing FileMaker Server 15? If so, what should I make note of before diving into this?

 

Thanks for any help and clarification someone can provide.

 

~Levi


You may enjoy Azure more than AWS in this respect since it's Microsoft and has a smoother integration between on-premise and cloud ADs.

Your FMS cannot talk directly to your on-premise AD except if you can find a way to make the AWS machine a member server in your domain. You can't make FMS EA work through ADFS or SAML.

You could spin up a Windows AD instance on AWS and join that one and the FMS box into one domain and then set up a trust relationship (if possible - I have not checked) between that and your on-premise domain. Or set up a sync between the two ADs.


While I am not an Active Directory expert, I know that with Open Directory it is possible to set up a replica server.

That will automatically take care of sync between the Directory master and the replica.

This way you should be able to have your replica on your AWS server, which replicates data from your on-premises AD.

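The condition raised in the replies above, that the AWS machine must be a member server in the domain, can be verified on the EC2 Windows host before external authentication is configured. The following is an added example and not part of the original thread; the domain name `corp.example.com` is a placeholder, and the script assumes Windows PowerShell 5.1 on the server that will run FileMaker Server.

```powershell
# Added example: pre-flight checks for a domain-joined EC2 Windows host.
# $ExpectedDomain is a placeholder; pass your own AD DNS domain name.
param([string]$ExpectedDomain = 'corp.example.com')

$results = [ordered]@{}

# 1. Is this machine a member of the expected domain (not a workgroup)?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['Domain joined'] = $cs.PartOfDomain -and ($cs.Domain -ieq $ExpectedDomain)

# 2. Is the machine account's secure channel to a domain controller healthy?
$results['Secure channel'] = $false
if ($cs.PartOfDomain) {
    try { $results['Secure channel'] = [bool](Test-ComputerSecureChannel) } catch { }
}

# 3. Can DNS on this host locate domain controllers for the domain?
$dcs = @()
try {
    $dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ExpectedDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique)
} catch { }
$results['DC locator DNS records'] = $dcs.Count -gt 0

# 4. Are the core AD ports reachable across the VPN / security groups?
#    DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389, SMB 445.
#    RPC dynamic ports are also required and are not tested here.
foreach ($dc in $dcs) {
    foreach ($port in 53, 88, 135, 389, 445) {
        $test = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        $results["$dc tcp/$port"] = $test.TcpTestSucceeded
    }
}

# Report: any FAIL line should be resolved before enabling external authentication.
$results.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

If a trust to the on-premise domain is set up as suggested above, `nltest /domain_trusts` run on the same host lists the trusts the machine can see.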
