U S E R D O C U M E N TA T I O N ( A L E P H I N O

Similar documents
Active Directory Integration. Documentation. v1.02. making your facilities work for you!

Guide to Web Hosting in CIS. Contents. Information for website administrators. ITEE IT Support

Securing Splunk with Single Sign On & SAML

Bitrix Site Manager. Quick Guide To Using The AD/LDAP Module

Perceptive Experience Single Sign-On Solutions

1. Introduction. Authors. Abstract. Quang Vu DANG (IFI) Olivier BERGER (GET/INT) Christian BAC (GET/INT) Benoît HAMET (phpgroupware)

IBM TRIRIGA Application Platform Version 3 Release 4.1. Single Sign-On Setup User Guide

Apache LDAP Configuration

Authentication Methods

External Identity and Authentication Providers For Apache HTTP Server

Security Assertion Markup Language (SAML) Site Manager Setup

Single sign-on websites with Apache httpd: Integrating with Active Directory for authentication and authorization

WebNow Single Sign-On Solutions

SchoolBooking SSO Integration Guide

WirelessOffice Administrator LDAP/Active Directory Support

Apache Authentication, Authorization, and Access Control Concepts Version 2.2

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Configuring Apache Web Server for x509 User Authentication

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

SVN Authentication and Authorization

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Agenda. How to configure

CentraSite SSO with Trusted Reverse Proxy

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

Configuring IBM Cognos Controller 8 to use Single Sign- On

SAML-Based SSO Solution

mod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Apache HTTP Server

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Using LDAP Authentication in a PowerCenter Domain

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

OpenSSO: Cross Domain Single Sign On

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

AA enabling a closed source legacy application

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

Deploying RSA ClearTrust with the FirePass controller

Integration Guide. SafeNet Authentication Service. Oracle Secure Desktop Using SAS RADIUS OTP Authentication

LDAP User Guide PowerSchool Premier 5.1 Student Information System

Authentication and Single Sign On

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Configuring and Using the TMM with LDAP / Active Directory

Getting Started with AD/LDAP SSO

Integrating LANGuardian with Active Directory

TIBCO Spotfire Platform IT Brief

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Contents. Introduction. Prerequisites. Requirements. Components Used

Immotec Systems, Inc. SQL Server 2005 Installation Document

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Kerberos and Single Sign-On with HTTP

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training

Kerberos and Single Sign On with HTTP

Created by Hotline Support Konica Minolta Hotline Support (UK) V1.2

Install MS SQL Server 2012 Express Edition

Video Administration Backup and Restore Procedures

Egnyte Single Sign-On (SSO) Installation for OneLogin

Using Kerberos tickets for true Single Sign On

LDAP and Active Directory Guide

TECHNICAL NOTE Stormshield Network Firewall AUTOMATIC BACKUPS. Document version: 1.0 Reference: snentno_autobackup

Integration of Shibboleth and (Web) Applications

NovaBACKUP xsp Version 15.0 Upgrade Guide

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

SSO Plugin. Release notes. J System Solutions. Version 3.6

ibaan ERP 5.2a Configuration Guide for ibaan ERP Windows Client

Device Log Export ENGLISH

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

LDAP Authentication and Authorization

What's new in httpd 2.2?

Copyright: WhosOnLocation Limited

Avatier Identity Management Suite

Basic Exchange Setup Guide

External and Federated Identities on the Web

InfoRouter LDAP Authentication Web Service documentation for inforouter Versions 7.5.x & 8.x

GlobalSign Enterprise Solutions Google Apps Authentication User Guide

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

TopEase Single Sign On Windows AD

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Mixed Authentication Setup

Introduction. Connection security

NSi Mobile Installation Guide. Version 6.2

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Case Study - Configuration between NXC2500 and LDAP Server

Workspot Configuration Guide for the Cisco Adaptive Security Appliance

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V

Introduction to Directory Services

CA Performance Center

SentryFile Document Management Administration Manual

Ensure that your environment meets the requirements. Provision the OpenAM server in Active Directory, then generate keytab files.

Version 9. Active Directory Integration in Progeny 9

Active Directory Requirements and Setup

Alcatel-Lucent Extended Communication Server Active directory synchronization : installation and administration

Authentication Integration

Basic Exchange Setup Guide

Transcription:

U S E R D O C U M E N TA T I O N ( A L E P H I N O 5. 0 ) Single-Sign-On Alephino Version 5.0 1/9 last updated: 17/09/2014

Table of contents 1 Mode of operation...3 2 Configuration examples with the Apache http server...4 2.1 Windows Domain User...4 3 Configuration for Microsoft Internet Information Server...5 3.1 IIS 6.0 (Windows Server 2003)...5 3.2 IIS 7.0 (Windows Server 2008)...5 3.3 SSO with Shibboleth...7 3.4 SSO with LDAP...8 Alephino Version 5.0 2/9 last updated: 17/09/2014

The Alephino WEB-Opac supports a simple Single-Sign-On, which the customer can use without a special configuration. 1 Mode of operation If variable REMOTE_USER of HTTP-Header Code is equal to the patrons barcode or registration number the patron is signed on without asking about the password. He has immediately access to his personal features. But this is only available with Microsoft Browser "Internet Explorer" because of the proprietary protocol. Other Browser needs a new sign on at the first invocation. Alephino Version 5.0 3/9 last updated: 17/09/2014

2 Configuration examples with the Apache http server 2.1 Windows Domain User Using Apache http-server you can implement it with REMOTE_USER and the module mod_auth_sspi httpd.conf: LoadModule sspi_auth_module modules/mod_auth_sspi.so vhost.alephino: # OPAC <VirtualHost *:8070> # Authentication <IfModule mod_auth_sspi.c> <Directory "C:/Programme/ExLibris/AlephinoServer_50/bin"> AuthName "Alephino OPAC Benutzerbereich" AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic On require valid-user </Directory> </IfModule> </VirtualHost> Alephino Version 5.0 4/9 last updated: 17/09/2014

3 Configuration for Microsoft Internet Information Server The interaction between IIS and "Internet Explorer" allows it to "carry" the already made proprietary Windows authentication to the web sites visited. The first time "entering" a protected site here no separate authentication is required, however other browsers require the first call the protected area a new Windows application. 3.1 IIS 6.0 (Windows Server 2003) With the configuration dialog choose options: Basic authentication and Enable Integrated Windows authentication. 3.2 IIS 7.0 (Windows Server 2008) Condition: Feature "Authentification" must be installed. Choose Site OPAC, switch to Features and click on Authentification. Windows-Authentification must be activated. (Anonymus Authentification must be deactivated). Alephino Version 5.0 5/9 last updated: 17/09/2014

Under Application Pools > Advanced Settings > Process model must be shown the identity NetworkService : Alephino Version 5.0 6/9 last updated: 17/09/2014

3.3 SSO with Shibboleth Shibboleth is a procedure for distributing authentification and authorization for WEB Application and WEB Services. The concept of Shibboleth is that Users has to authentificate himself once to use other services from different providers. The infrastructure is based on Security Assertion Markup Language (SAML). http://en.wikipedia.org/wiki/shibboleth_(internet2) In basic configuration Shibboleth can provide Authentication for REMOTE_USER. httpd.conf: LoadModule mod_shib /usr/lib/shibboleth/mod_shib_22.so Alias /shibboleth-sp/main.css /usr/share/doc/shibboleth/main.css Alias /shibboleth-sp/logo.jpg /usr/share/doc/shibboleth/logo.jpg vhost.alephino: # OPAC <VirtualHost *:8070> # Authentication <Directory "C:/Programme/ExLibris/AlephinoServer_50/bin"> AuthName "Alephino OPAC User area" AuthType shibboleth ShibRequireSession On require valid-user </Directory> </VirtualHost> Alephino Version 5.0 7/9 last updated: 17/09/2014

3.4 SSO with LDAP The Lightweight Directory Access Protocol is a data exchange protocol that allows the retrieval and modification of information. The communication between the LDAP directory service and each client is via the TCP / IP protocol. The structure stated by the LDAP is called LDAP directory. In order to enable authentication via LDAP the modules listed below need to be installed. Example: authentication against LDAP-compatible Windows directory service (Active Directory). httpd.conf: LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so vhost.alephino: <Directory "C:/Programme/ExLibris/AlephinoServer_50/bin" > AuthType Basic AuthName "Alephino OPAC User area" AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://myldapserver:389/ou=users,ou=germany,dc=corp,dc=exlibrisgroup, dc=com?samaccountname AuthLDAPBindDN "Harry Hurtig" AuthLDAPBindPassword "topsecret AuthLDAPRemoteUserAttribute samaccountname Require valid-user </Directory> Alephino Version 5.0 8/9 last updated: 17/09/2014

Notes: Since anonymous access to the directory service is usually not possible access data of a representative user must be stored for authentication of the query. For this purpose the directives AuthLDAPBindDN and AuthLDAPBindPassword have to be used. The samaccountname attribute of an AD directory service is typically identical to the Windows login name of the user. This will initially be used as an attribute element in the directive AuthLDAPURL. It is thus determined that this attribute must match the login name sent by the browser. The directive AuthLDAPRemoteUserAttribute ensures that the environment variable REMOTE_USER, as expected from Alephino, is occupied. In our case also with the login name of the user. If you want to use another attribute available in the directory service as REMOTE_USER, this must also be included in the (comma-separated) list of attributes in AuthLDAPURL. Alephino Version 5.0 9/9 last updated: 17/09/2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information