Single Sign-On via the Browser

[Martin_S]

Hi

Ok, so we have just completed the set up of our test FM13 server and the application is being accessed via webdirect.

I have tested it on Chrome (as our managed image only runs IE8 at present), and I get a login dialog whuich i have to enter my network credentials into. Currently the application is secured by three different Active Directory groups based on the access level of the user, and the users would really like to know if it's possoble for them to not have to sign in?

The third party provider who set this up believed it was possible, but as WebDirect is new, there doesn't seem to be much info available. I've searched the user guides and they all mention SSO with ODBC, but I am pretty sure this doesn't apply here.

Can anyone tell me if what we need is possible, and if so how?

Thanks

Martin

[Wim Decorte]

SSO has never been possible through the web interfaces / XML interfaces.

[Steven H. Blackwell]

As Wim said, SSO is not an option here.  What you can do, however, is use the Active Directory credentials. If the system is properly configured, those credentials will be accepted and the user can then access the file.  But the user must enter the credentials at the challenge prompt.

 

This same scenario is true for all other FileMaker client connections, except when both the Server and the Workstation are members of the domain,and both are running Windows OS.

 

If you have further questions, please come back and post them.  We will try to answer them for you.

 

Steven

[Charles Delfs]

Good Day,

I have to tackle this same problem again this week actually ... providing SSO in a WD internal network.

I think there can be two approaches (one of which I have done before):

1 - Use SSOSO (SinglesSign on - Sort Of ) by grabbing the persistantID of the client you can identify them returning much like a cookie. (can use cookies too but more work) then once a user logs in successfully you can save that terminals ID and use it to identify them on return. This will not lock them out if they change their password or their access gets revoked obviously. I currently use this with a public facing WebDirect site where users log in and later return. To the user it looks exactly like a typical PHP cookie system

2 - Access SSO via PHP or similar. This is a bit more complicated but I think can work (i have not done this yet)

• WebDirect Landing page opens and has a web viewer that accesses PHP page that checks creds via SSO back end and returns "access granted "or "denied" as well as the ID of the user
• script on the WD home page checks the results of the viewer and depending roles in the user with the correct access privy or not.
• The PHP would have to be written to be compatible with your SSO system

Let me know your thoughts.

And yes, the landing page of the Webdirect welcome page would be totally locked down.

 

 

Edited May 6, 2015 by Charles Delfs

[Charles Delfs]

For future reference,

I have added a blog regarding SSO Single Sign on and Filemaker webdirect here on my site.

http://www.delfsengineering.ca/blog/2016/1/7/fm-single-sign-on