cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Powerbuilder and SSO

Former Member

on ‎12-17-2013 8:30 PM

0 Kudos

Hello

I'm still working on the SSO

I thought to take advantage of the same credentials for network access microsoft to authorize access to our ERP programs.

If the user is logged in to the server ok, otherwise it leads to ERP.

Is this a good idea?

There are calls for Powerbuilder that allow you to see how you are connected to the network user (user name)?

If you are, you can know if you are connected to the network or you are connected to the local machine?

thank you

Gimmy

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎12-20-2013 8:17 AM
0 Kudos

Sorry if i insist.

Is possible in PB to interface to an LDAP server by Kerberos, to get a ticket, and log on to oracle with out pass uid and pwd ?

i Do not want to log in again. I'm already autenticated.

for me is not possible to use file for store the password or pass it like a parameters

The example that i find in PB code ( code exchange or Chris framework ) don't resolve the problem.

ty

Gimmy

Show replies
Show replies
Former Member
‎12-20-2013 2:27 PM
0 Kudos

FYI ... Its a lot simpler in MS's SQL Server and SAP's ASE DBMS as I just need to connect with a known DB user id + pw or use Windows authentication from an Application server - then pass the real windows login user id in the DBParm as follows:

SQLCA.DBParm = "AppName='<MyApp>',Sec_Network_Auth=1,Host='<PC Signature>"

This now allows SSO with ASE / SS being able to track the real user id, application and workstation that this connect represents. I'm not sure if Oracle supports this equivalent functionality in newer releases.

Former Member
‎12-23-2013 6:55 PM
0 Kudos

Define your machine's user ID in Oracle as an externally authenticated account. Leave the user ID and password blank in SQLCA and if you have setup everything properly you will connect. There is no writing of code.

Former Member
‎12-24-2013 1:02 PM
0 Kudos

grath news.

i'll try

ty Russell

Former Member
‎12-18-2013 12:16 PM
0 Kudos

Hi Gimmy;

   FYI:   I have the Active Directory SSO and Group / Role membership interaction with Active Directory included in my framework. I use it for my PB C/S and Appeon applications.

STD Foundation Classes | Free Development software downloads at SourceForge.net

Regards ... Chris

Show replies
Show replies
Former Member
‎12-18-2013 9:18 PM
0 Kudos

KEEP CALM

AND START AGAIN

I have found the system to figure out how you are connected to the network.

************************************************** **

ContextKeyword lcxk_base

string ls_Path

ls_values ​​string []

this.GetContextService ("Keyword", lcxk_base)

lcxk_base.GetContextKeywords ("USERNAME", ls_values​​)

IF upper-bound (ls_values​​)> 0 THEN

    ls_Path = ls_values ​​[1]

ELSE

    ls_Path = "* UNDEFINED *"

END IF

this.GetContextService ("Keyword", lcxk_base)

lcxk_base.GetContextKeywords ("COMPUTERNAME", ls_values​​)

IF upper-bound (ls_values​​)> 0 THEN

    ls_Path = ls_values ​​[1]

ELSE

    ls_Path = "* UNDEFINED *"

END IF

****************************************

Now I know that the user had access to the network and has been authenticated by active directory.

for me it's enough. I do not want other login.

At this point, how do I access Oracle without a login?

The sqlca ask me: UID and PASSWORD....

ty for answer

Gimmy

Former Member
‎12-19-2013 2:10 PM
0 Kudos

Hi Gimmy;

   The other thing I have in my framework is a Login dialogue that uses the MS-Windows login API to verify the user. My suggestion would be to use this once in your application to capture the real password - then using my framework's encryption, store the encrypted password in an accessible location (ie INI file).

  Now that you have a copy of the encrypted PW, just drop that into your SQLCA for the Oracle login's SSO approach.

  FWIW: I would call the MS-Login API each time your start your application to get an OK return code with the UID & saved PWD. If the user has changed their MS-Windows login PWD, the RC will show a failure. In that case, open my MS-Windows Login dialogue again to get the user to re-enter the new password and then update the encrypted PW in your INI file. From there, the system should not prompt the user again until they change their PW again.

Food for thought.

HTH

Regards ... Chris

Former Member
‎12-18-2013 3:10 AM
0 Kudos

Take a look at this:

http://www.windowsazure.com/en-us/documentation/services/active-directory/

Show replies
Show replies
Former Member
‎12-17-2013 8:45 PM
0 Kudos

This is the similar question that i recive from a friends.

I would like to setup SSO using Kerberos (Active Directory). This means acquiring kerberos ticket in a Powerbuilder 12.0 application. No possibility to upgrade PB version (yes, really...). All the users of my program have ever logged in on the Windows Server (2003 or 2008) or by RDP session.

Is it possible to get and check Kerberos Ticket with this PowerBuilder version ? How ?

I think it's possible to get the Windows current username thanks to the Windows API, but it isn't not as secure as a kerberos authentication.

I'll appreciate any help.

Show replies
Show replies
Former Member
‎12-17-2013 8:59 PM
0 Kudos

This is my connection parameters:

SQLCA.DBMS= 'o10'
SQLCA.ServerName= 'ATKVM'

SQLCA.DBParm="PBCatalogOwner='pgmr',DelimitIdentifier='No',DisableBind=1"

SQLCA.LogID= 'system'
SQLCA.LogPass= '******'
former_member190719
Active Contributor
‎12-19-2013 2:20 PM
0 Kudos

If you look at the old Sybase CodeXchange site, you'll find a couple of samples of interacting with LDAP (access to Active Directory) there.

http://www.sybase.com/detail?id=1058501&id=1058501#789

Former Member
‎12-19-2013 3:15 PM
0 Kudos

it return me error: -6

former_member190719
Active Contributor
‎12-19-2013 4:40 PM
0 Kudos 


Gimmy Susan wrote:




it return me error: -6

Define "it".

The page?  There are two samples there, both with a number of functions.  Which sample and which function?

Former Member
‎12-19-2013 4:54 PM
0 Kudos

hi Bruce:

the program is: ldap.

it happens when i press GROUPS button.

object: n_cst_ldap

function: of_getgroups

line:      li_rc = objRootDSE.ConnectToObject ("LDAP://RootDSE")

Ask a Question