Jon,
Happy Thanksgiving to you too! Haven’t heard from
you in a while. Wasn’t sure you were still doing Docent.
Great to hear you are still around.
No you got the point perfectly. Your technique is similar
to how Docent does their NT authentication. Docent uses AUTH_USER and
REMOTE_USER in combination with turning off anonymous authentication and using
IIS’ integrated security model. My only issue is that many years
ago there were some issues with the non IE browsers, I don’t recall the
details, but it may have been the clear text passwords when not using SSL.
This just might just be the only way to really do this, but I believe that this
webserver is in a different domain tree than my users, which may cause
additional problems.
Thanks for the ideas. I think I’m going to end up
using what you mentioned, but I knew several of the users in this group have
SSO configured and was wondering what we were all doing to make the login page
disappear if the user had already authenticated with the server.
Don’t be a stranger and thanks for contributing.
Robert
From: docent_users@yahoogroups.com
[mailto:docent_users@yahoogroups.com] On Behalf Of Jon Dwyer
Sent: Sunday, November 30, 2008 2:48 PM
To: docent_users@yahoogroups.com
Subject: RE: [docent_users] Checking for existing LDAP credentials
Robert,
Happy Thanksgiving.
This isn't directly LDAP, but could it be as simple as retrieving the
domain/loginid that you get with
response.servervariables("LOGON_USER")? In other words, if they're
logged into Windows/the network, then they are "authenticated" and
you could pass the ID on in.
I do something like this for my Docent system - I have a nightly import of
Active Directory ID's attached to DRUser records. I retrieve LOGON_USER, and
use it to match with the A.D. ID in DRUser (and domain, but that's another
story), and if so, I build the Docent login string and pass them on into
Docent. If not, they get a login page. This has been my "single
signon" solution.
Sorry if I've missed the point entirely.
Jon
Owens Corning
To: docent_users@yahoogroups.com
From: robertt@rtnetworks.com
Date: Sat, 29 Nov 2008 10:55:58 -0800
Subject: [docent_users] Checking for existing LDAP credentials
The reference install has a form based version of LDAP
authentication. I.e., the user must enter their login credentials and
then these credentials are used to authenticate against LDAP. Since many
intranets implement LDAP for numerous applications, I’m looking at a
trying to find a way to check and see if the user has already been
authenticated by LDAP before presenting the user the LDAP login form and
skipping the extra authentication step if possible. Has anyone tried this
within Docent? What kind of approach did you use? Did you use a
hybrid of the NTLM and LDAP?
Thanks,
Robert
__._,_.___
Reply (via web post)
|
Start a new topic
| Links
| Database
| Polls
| Members
| Calendar
MARKETPLACE
From kitchen basics to easy recipes - join the Group from Kraft Foods
Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Daily Digest | Switch format to Traditional
Visit Your Group
|
Yahoo! Groups Terms of Use |
Unsubscribe
Recent Activity
Yahoo! Finance
It's Now Personal
Guides, news,
advice & more.
Need traffic?
Drive customers
With search ads
on Yahoo!
Cat Fanatics
on Yahoo! Groups
Find people who are
crazy about cats.
.
__,_._,___