This is the best explanation I've seen of a working SSO implementation. I have not played with the BMC provided sso stuff, so I don't know if it's any good or not.
http://www.javasystemsolutions.com/products/sso/diagrams.php We've implemented a very similar solution using SiteMinder. This approach does require a custom login servlet (referred to as a JSS SSO Plugin in the diagram) and a custom AREA plugin to complement the servlet, but it's a sound approach. It looks like JSS's solution is directed at LDAP. You can use LDAP, or any other source against with which you can validate a user, so long as the authentication source has an api capable of performing the credential validation. Axton Grams On 12/13/06, Emad Zaky <[EMAIL PROTECTED]> wrote:
** Well Patrick...I actually wrote and compiled the DLL successfully. And when I hardcode the username and password, I click on the user tool and it successfully logs in. I can get the user name using an NT Api call, but the password is not possible. What support told me is that I have to use a hardcoded password ( or a password which is calculated from the user name for example), and find out the password inside the DLL. I still don't think that 100% SSO is implemented yet. On 12/13/06, patrick zandi <[EMAIL PROTECTED]> wrote: > > ** Oh and don't ask me for help with the .dll file.. Cause I need help > too.. I cannot get seem to get support help on it.. or even help compiling > it.. so Unless someone else does it.. I am stuck too.. > But I have been told -- some big names with remedy have this working.. > not sure who ? > Maybe one of you ? > > > On 12/13/06, patrick zandi <[EMAIL PROTECTED] > wrote: > > > > ""However, after trying out the codes, it seems what BMC are proposing > > is just an intercept to the Login i.e. When you login a dll will run > > to pick up the username\password and pass it to Remedy. This means that in > > the intercept we will be able to capture the username, but no password. The > > password has to be somehow be "calculated" in Remedy as well as in the > > intercept DLL, which is sort of hard coding the passwords. > > > > As far as security goes, I understand why the windows password is > > tightly guarded, but I am wondering how do other application using windows > > SSO and why can't Remedy do that? "" > > it is a MultiStep process to hook this up.. Work through support.. > > Windows AR SERVER and Windows Mid-Tier ONLY.. > > ( I would love to hear otherwise.. but have not yet) > > > > Actually the way it happens is First LDAP is running and you can login > > with your userid and password to the LDAP to AD and it checks that.. > > Then you are to hook up the SSO portion to the server.. and test that > > .. -- which does not use a password -- Thru mid-tier only. > > Then you are to hook up the AREA-HUB to the server and make sure that > > both LDAP and SSO are working together.. > > Then you can CREATE a .dll -- Which is not supplied by remedy .. that > > just replaces the SSO Code from the mid-tier with the SSO Code in the > > UserTool.. and IF this .dll is Present.. then it will log you on > > accordingly.. > > -- Access can be controlled in many different ways.. Either you have > > an USER account or Just one in AD. > > IF your AD is setup with a Remedy Group for Write licenses, then you > > configure appropriately. > > IF your AD does not have this - Then you could use a Default.. or > > UserForm.. it si a Tri-Configuration. > > > > > > Hope this helps you some.. but there is no embedded anything .. it > > just does it.. Remember this is a onion approach. Each layer has a specific > > job to do.. if one layer is not configured properly it will not work. > > > > > > On 12/13/06, Emad Zaky <[EMAIL PROTECTED] > wrote: > > > > > > ** Hi Listers, > > > > > > I read BMC white paper titiled, "Integrating BMC Remedy ARS with SSO > > > Authentication Systems and Other Client-Side Login Intercept Technologies", > > > where it talks about how to implement SSO. SSO as I understand it means that > > > the application will login using the user's windows credentials once the > > > user clicks on it. > > > > > > However, after trying out the codes, it seems what BMC are proposing > > > is just an intercept to the Login i.e. When you login a dll will run > > > to pick up the username\password and pass it to Remedy. This means that in > > > the intercept we will be able to capture the username, but no password. The > > > password has to be somehow be "calculated" in Remedy as well as in the > > > intercept DLL, which is sort of hard coding the passwords. > > > > > > As far as security goes, I understand why the windows password is > > > tightly guarded, but I am wondering how do other application using windows > > > SSO and why can't Remedy do that? > > > > > > Regards, > > > Emad > > > __20060125_______________________This posting was submitted with > > > HTML in it___ > > > > > > > > > > -- > > Patrick Zandi > > > > > -- > Patrick Zandi __20060125_______________________This posting was > submitted with HTML in it___ > __20060125_______________________This posting was submitted with HTML in it___
_______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
