Jump to content

External Server Authentication of FileMaker Pro Credentials


This topic is 5076 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Colleagues:

It has come to my attention from several venues in recent days that any number of developers, IT Administrators, and “power” users are having difficulty understanding and in configuring External Server Authentication of accounts with various versions of FileMaker Server.

Here are a few key points to keep in mind:

1. External Authentication removes the credentials information (Account Name and Account Password) from within a FileMaker Pro file and transfers it to FileMaker Server. This allows multiple different FileMaker files to use the same single set of credentials.

2. Inherent in this process, and central to it, is that the Accounts on the server must be arranged into groups. Further there must be matching Groups within each FileMaker pro file. These Groups must match exactly, and they are the linchpin for this process’ working correctly.

3. Use lower case names for groups, and do not use spaces or unusual high ASCII characters. For example, fmsalesreps and fmitmanagers are good Group names. This is especially important for Macintosh OS X deployments.

4. Server based Accounts and their Groups can be in any one of three different places: on the local FileMaker Server, on an Active Directory Domain Controller, or on an Open Directory Domain Controller.

5. In the Admin Console of FileMaker Server, select the option to authenticate using FileMaker and External Server Accounts. (ConfigurationàDatabase ServeràSecurity is where this option is found.)

6. External Server Authentication has nothing whatsoever to do with LDAP configuration found in the Directory Service section of the FileMaker Pro clients tab in the Admin Console.

7. FileMaker Server supports Active Directory and Open Directory Domain Controllers as locations for placing Accounts and Groups in addition to FileMaker Server itself. Other so-called generic LDAP servers are not, repeat not, part of this equation. FileMaker Server does not support these generic LDAP servers for external authentication purposes.

8. Do not use External Server Authentication for Accounts with [Full Access] privileges. This is a security vulnerability.

9. There are three useful White Papers on this topic found on the FMI web site as well as some videos at VTC about External Server Authentication. The three White Papers are the ones on Server, on Security, and on External Server Authentication. http://www.vtc.com/products/FileMaker-Server-9-tutorials.htm and http://www.vtc.com/products/FileMaker-Server-10-Tutorials.htm are the VTC sites. Stay tuned for updates there. Wim Decorte’s videos are better than mine, so look at his if you have only one choice.

Link to comment
Share on other sites

This topic is 5076 days old. Please don't post here. Open a new topic instead.

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.