on 12-17-2013 8:30 PM
Hello
I'm still working on the SSO
I thought to take advantage of the same credentials for network access microsoft to authorize access to our ERP programs.
If the user is logged in to the server ok, otherwise it leads to ERP.
Is this a good idea?
There are calls for Powerbuilder that allow you to see how you are connected to the network user (user name)?
If you are, you can know if you are connected to the network or you are connected to the local machine?
thank you
Gimmy
Sorry if i insist.
Is possible in PB to interface to an LDAP server by Kerberos, to get a ticket, and log on to oracle with out pass uid and pwd ?
i Do not want to log in again. I'm already autenticated.
for me is not possible to use file for store the password or pass it like a parameters
The example that i find in PB code ( code exchange or Chris framework ) don't resolve the problem.
ty
Gimmy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
FYI ... Its a lot simpler in MS's SQL Server and SAP's ASE DBMS as I just need to connect with a known DB user id + pw or use Windows authentication from an Application server - then pass the real windows login user id in the DBParm as follows:
SQLCA.DBParm = "AppName='<MyApp>',Sec_Network_Auth=1,Host='<PC Signature>"
This now allows SSO with ASE / SS being able to track the real user id, application and workstation that this connect represents. I'm not sure if Oracle supports this equivalent functionality in newer releases.
Hi Gimmy;
FYI: I have the Active Directory SSO and Group / Role membership interaction with Active Directory included in my framework. I use it for my PB C/S and Appeon applications.
STD Foundation Classes | Free Development software downloads at SourceForge.net
Regards ... Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
KEEP CALM
AND START AGAIN
I have found the system to figure out how you are connected to the network.
************************************************** **
ContextKeyword lcxk_base
string ls_Path
ls_values string []
this.GetContextService ("Keyword", lcxk_base)
lcxk_base.GetContextKeywords ("USERNAME", ls_values)
IF upper-bound (ls_values)> 0 THEN
ls_Path = ls_values [1]
ELSE
ls_Path = "* UNDEFINED *"
END IF
this.GetContextService ("Keyword", lcxk_base)
lcxk_base.GetContextKeywords ("COMPUTERNAME", ls_values)
IF upper-bound (ls_values)> 0 THEN
ls_Path = ls_values [1]
ELSE
ls_Path = "* UNDEFINED *"
END IF
****************************************
Now I know that the user had access to the network and has been authenticated by active directory.
for me it's enough. I do not want other login.
At this point, how do I access Oracle without a login?
The sqlca ask me: UID and PASSWORD....
ty for answer
Gimmy
Hi Gimmy;
The other thing I have in my framework is a Login dialogue that uses the MS-Windows login API to verify the user. My suggestion would be to use this once in your application to capture the real password - then using my framework's encryption, store the encrypted password in an accessible location (ie INI file).
Now that you have a copy of the encrypted PW, just drop that into your SQLCA for the Oracle login's SSO approach.
FWIW: I would call the MS-Login API each time your start your application to get an OK return code with the UID & saved PWD. If the user has changed their MS-Windows login PWD, the RC will show a failure. In that case, open my MS-Windows Login dialogue again to get the user to re-enter the new password and then update the encrypted PW in your INI file. From there, the system should not prompt the user again until they change their PW again.
Food for thought.
HTH
Regards ... Chris
Take a look at this:
http://www.windowsazure.com/en-us/documentation/services/active-directory/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is the similar question that i recive from a friends.
I would like to setup SSO using Kerberos (Active Directory). This means acquiring kerberos ticket in a Powerbuilder 12.0 application. No possibility to upgrade PB version (yes, really...). All the users of my program have ever logged in on the Windows Server (2003 or 2008) or by RDP session.
Is it possible to get and check Kerberos Ticket with this PowerBuilder version ? How ?
I think it's possible to get the Windows current username thanks to the Windows API, but it isn't not as secure as a kerberos authentication.
I'll appreciate any help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you look at the old Sybase CodeXchange site, you'll find a couple of samples of interacting with LDAP (access to Active Directory) there.
User | Count |
---|---|
75 | |
9 | |
8 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.