Emulated Single-Sign-On in LISTSERV Rev: 15 Jan 2010




0. Note that from LISTSERV version 15.5, LISTSERV supports using an external LDAP directory (or Windows Active Directory) for login authentication in addition to LISTSERV's own internal authentication methods. For more information on LDAP, see the following Manual, Sect 7:

http://www.lsoft.com/manuals/16.0/listserv16.0_advancedtopicsmanual.pdf

Using LDAP bypasses the following comments entirely. However, these comments still apply to synchronizing LISTSERV with non-LDAP external authentication methods.

A number of customers have asked about using LISTSERV behind a Single Sign-On (SSO) web portal, so that users may sign in once to the SSO portal and be automatically logged into the LISTSERV web interface, as well. It is possible but not easy.

The fundamental problem is that LISTSERV has its own authentication method that cannot be bypassed. The SSO portal likely also has a (separate) authentication method that cannot be bypassed. So to emulate Single Sign-On, it is necessary to synchronize these two authentication methods while satisfying the requirements of both.

LISTSERV authentication is based on establishing a cookie in the user's browser which invisibly performs any necessary login operations on future visits to the LISTSERV web pages. So once the user successfully authenticates via the SSO portal, the portal login process needs to do two additional things to synchronize logins with LISTSERV.

1. Issue a command to LISTSERV with the user's e-mail address and password. The login for LISTSERV must always be in the form of a valid email address. Since it is likely that your SSO login portal uses an alpha/numeric userid, it must also retrieve a valid email address for the user when the user logs in successfully, in order to supply this email address to LISTSERV along with the password. A LISTSERV password must be at least 6 characters long, containing characters from the set: A-Z a-z 0-9 $#@_-?! %. Spaces are not allowed. From LISTSERV version 15.5 onwards, LISTSERV passwords are case sensitive.

2. Set a LISTSERV login cookie in the user's web browser by redirecting the user to the normal LISTSERV login process, so that all future browsing to LISTSERV pages will be automatically authenticated by the cookie. This cookie can have a short term expiration time if you prefer.

Details for each of these steps are provided below.

L-Soft Training and Consulting, L-Soft international, Inc.

1) Register the e-mail address and password with LISTSERV

There are three ways to provide the e-mail address and password to LISTSERV. The command syntax varies with the method used. In all cases below, the email address issuing the command must be an address that is specified with POSTMASTER privileges in LISTSERV's site.cfg or go.user file. In this case we'll use the example address PM@example.com. In site.cfg/go.user you will have lines similar to this:

    ...
    POSTMASTER= fred@example.com
    POSTMASTER= QUIET: HIDE:
    * Postmaster addresses below must not receive any notifications
    POSTMASTER= PM@example.com
    ...
    CREATEPW=*NOPW* [1]

[1] UNIX syntax for go.user is slightly different from the above. See the LISTSERV Site Manager's manual for details.

The address PM@example.com must have its own LISTSERV personal password (represented here as PPPPPP). The CREATEPW is deprecated in LISTSERV 14.3 and later and should not be used.

Method 1: Send an email message to LISTSERV.

    From: PM@example.com
    To: LISTSERV@listserv.example.com
    Subject: Command

    // job reply-to=none
    QUIET PWC REP user@example.com 123456 PW=PPPPPP

This will register the password '123456' for the user user@example.com. Note that PPPPPP is the LISTSERV Personal Password for PM@example.com.

For safety's sake, in Ver. 15.0 and later, the PWC REPlace command should be used. If the user previously had a password, the new password will replace the existing password. If the user did not, the new password will be entered.

In LISTSERV versions pre-dating Ver. 15.0, you must use 2 commands in a specific order to delete the previous user password and then record the new password.

    From: PM@example.com
    To: LISTSERV@listserv.example.com
    Subject: Command

    // job reply-to=none
    QUIET PWC DEL user@example.com PW=PPPPPP
    QUIET PWC ADD user@example.com 123456 PW=PPPPPP

Method 2: Via HTTP

Add a subscriber to a list: (Windows syntax)

    http://your.server.name/scripts/wa.exe?actadd1=listname&a=user@address%20fname%20lname&b=1

(This assumes that a LISTSERV 'cookie' has been set for your webscript address.)

The b=1 will send the subscription notification message. b=0 will not send the message.

Set a password for this user:

    http://your.server.name/scripts/wa.exe?lcmd=quiet%20pwc%20rep%20user@address%20xxxxxx

where user@address is the subscriber's e-mail address and xxxxxx is the password for the subscriber.

Method 3: Send the command by TCPGUI (direct TCP connection with LISTSERV)

Note: Please read Sect 10 of the LISTSERV Advanced Topics Manual before undertaking any TCPGUI programming:

http://www.lsoft.com/manuals/16.0/listserv16.0_advancedtopicsmanual.pdf

Your application must not only present the commands to LISTSERV with the proper syntax, but must also be prepared to parse and take appropriate action on command acknowledgements both successful and unsuccessful.

From LISTSERV Ver 14.3 onwards it is now possible to send a PWC command by TCPGUI. The e-mail address of the sender of the command must be one of the addresses listed in site.cfg/go.user as a POSTMASTER (see above).

To issue commands via TCPGUI you need the command line utility lcmdx.exe. The source for this is provided in Chap 10 of the Advanced Topic Guide, but a precompiled version for Windows can be downloaded from our FTP site:

ftp://ftp.lsoft.com/contrib/lcmdx-intel.exe

The syntax for LCMDX is as follows:

    LCMDX hostname SubmitterAddress PersPwdofSubmitter CommandtobeExecuted

hostname is the fully qualified hostname or IP address of LISTSERV
SubmitterAddress is the email address submitting the command
PersPwdofSubmitter is the personal LISTSERV password of the submitting email address
CommandtobeExecuted is the one-line command string to be executed

For example:

    LCMDX listserv.example.com PM@example.com PPPPPP QUIET PWC REP user@example.com 123456

(This must all be on 1 line. Editing this document forces a line wrap, but there must never be any line wraps in TCPGUI commands.)

If successful, LISTSERV will reply:

    Password registered successfully

Note carefully that this syntax issued this way is NOT the same as the command when issued via e-mail, as noted in (1) above. However, this will work if done exactly this way.

Again, for safety's sake, any previous password must be cancelled, so for version 15.0 and later, the above command uses the 'PWC REPlace' command. In versions predating LISTSERV Ver. 15.0 you must issue 2 commands in succession, waiting for the reply to the first before issuing the second command:

    LCMDX listserv.example.com PM@example.com PPPPPP QUIET PWC DEL user@example.com
    Password deleted successfully,...
    LCMDX listserv.example.com PM@example.com PPPPPP QUIET PWC ADD user@example.com 123456
    Password registered successfully,...

2. Log In to LISTSERV and Set the Login Cookie

Now that the e-mail address and password have been registered with LISTSERV by one of the three methods above, you need to authenticate the user into LISTSERV and install a cookie in the user's web browser. This cookie records the email address and password in an encrypted form so that whenever the user browses to a LISTSERV web interface page requiring a LISTSERV login, the cookie performs the necessary authentication.

Obviously, the user's browser must be configured to permit cookies. If not, this cannot work (and probably won't work for the rest of your site as well).
The easiest way to set a LISTSERV login cookie is to redirect the user to the normal LISTSERV login page, which will set a LISTSERV login cookie in the user's web browser:

    http://listserv.example.com/scripts/wa.exe?login1&X=&Y=user%40example.com&p=xxxxxx&e=log%20in

Note the variables &X, &Y, &p, &e are case sensitive and must be used as shown. &X is blank, but must be present. &Y= the user's email address, &p= the user's cleartext password, &e= the command to be performed.

Although it seems a security exposure to have the user's password in the clear, the exposure is minimal, since this command is exchanged between the SSO portal and LISTSERV, usually on the same network. This does not travel over the Internet. Nonetheless, the login may be sent over HTTPS instead of HTTP if the web server running LISTSERV is configured for SSL.

Now the user is authenticated into LISTSERV and a browser cookie has been set.

The above process must be repeated each time the user changes their password, changes their email address, or deletes their cookies. Password and e-mail address changes should be handled outside of LISTSERV by the SSO portal system.

This leads to the question of how to synchronize passwords if the user changes the password in LISTSERV instead of the SSO portal. The short answer is not to allow this. If using LDAP for authentication, LISTSERV will disallow password change attempts. If not using LDAP, you should modify the normal LISTSERV "Change password" page with a redirect URL that takes the user to the SSO portal for changing passwords. This is found in the NEWPW-MAIN dynamic site-wide template. Simply replace that entire template with a redirect URL similar to this:

    <meta http-equiv="refresh" content="0; URL=http://other.password.page.html">

------------------------------------------------------------------------

We hope this helps you get started with emulating Single Sign On. If you have any further questions please let us know at presales@lsoft.com.
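Both step 1 (Method 3) and step 2 place the user's e-mail address and password into a one-line POSTMASTER command and into a URL. The following Python example is added here and is not part of the original L-Soft document: it checks both values against the password rules stated above, then builds the LCMDX argument list and the login redirect. The function names, the strict address pattern and the HTTPS-only check are assumptions of the example.

```python
import re
from urllib.parse import quote

# Password rule as stated in the document: at least 6 characters from
# A-Z a-z 0-9 $ # @ _ - ? ! % and no spaces.
PW_RE = re.compile(r"[A-Za-z0-9$#@_\-?!%]{6,}")
# Assumption of this example: a strict address pattern (one "@", no whitespace)
# so the value can never add a token or a line to the one-line command.
ADDR_RE = re.compile(r"[^\s@]+@[^\s@]+")


def valid_credentials(email, password):
    """True only if both values are safe to embed in a command or URL."""
    return bool(ADDR_RE.fullmatch(email)) and bool(PW_RE.fullmatch(password))


def lcmdx_argv(host, pm_addr, pm_pw, email, password, lcmdx="lcmdx.exe"):
    """Argument list for 'QUIET PWC REP' via TCPGUI (LISTSERV 15.0 and later).

    Pass the list to subprocess.run() without shell=True: the permitted
    password characters include $ # ? ! %, which a shell would interpret.
    """
    if not (valid_credentials(pm_addr, pm_pw) and valid_credentials(email, password)):
        raise ValueError("address or password not acceptable to LISTSERV")
    return [lcmdx, host, pm_addr, pm_pw, "QUIET", "PWC", "REP", email, password]


def login_redirect(wa_url, email, password):
    """URL that makes the LISTSERV login set its cookie in the browser."""
    if not wa_url.startswith("https://"):  # assumption: refuse cleartext HTTP
        raise ValueError("login URL must use HTTPS")
    if not valid_credentials(email, password):
        raise ValueError("address or password not acceptable to LISTSERV")
    # safe="" encodes @ as %40 (as in the document's URL) and also # ? % $ !,
    # which would otherwise truncate or corrupt the query string.
    return (f"{wa_url}?login1&X=&Y={quote(email, safe='')}"
            f"&p={quote(password, safe='')}&e=log%20in")


if __name__ == "__main__":
    # Constructed sample values, following the document's example addresses.
    print(lcmdx_argv("listserv.example.com", "PM@example.com", "PPPPPP",
                     "user@example.com", "a$b#c?1!"))
    print(login_redirect("https://listserv.example.com/scripts/wa.exe",
                         "user@example.com", "ab#c%1"))
```

Web servers commonly record the full query string in their access logs, so the p= value in the login URL should be treated as logged wherever that request is handled.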