OpenInsight Single Sign-On (SSO)



Similar documents
OpenInsight License Renewal and Installation/Upgrade Authorization Process

OpenInsight Data Encryption at Rest (RTIDER)

OECGI3.EXE Installation and Configuration Quick Start Guide

OpenInsight 9.3 Arev32 Quick Start Guide

Copyright

SINGLE SIGN-ON SETUP T ECHNICAL NOTE

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

Configuring IBM Cognos Controller 8 to use Single Sign- On

BlackShield ID Agent for Remote Web Workplace

Creating IBM Cognos Controller Databases using Microsoft SQL Server

How To Set Up Chime For A Coworker On Windows (Windows) With A Windows 7 (Windows 7) On A Windows 8.1 (Windows 8) With An Ipad (Windows).Net (Windows Xp

Security Assertion Markup Language (SAML) Site Manager Setup

Configuring User Identification via Active Directory

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Egress Switch Administration Panel. User Guide

Using LDAP for User Authentication

Creating a System DSN for Crystal Reports to Access a Sentinel Server Database. Configuration Guide Version 1.0

CA Performance Center

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

QLIKVIEW MOBILE SECURITY

Getting Started with Clearlogin A Guide for Administrators V1.01

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

Web Work Module User s Guide

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Secure Agent Quick Start for Windows

WatchDox Administrator's Guide. Application Version 3.7.5

Phone Manager Application Support OCTOBER 2014 DOCUMENT RELEASE 4.1 SAGE CRM

Administration: Users and Roles

Windows XP Exchange Client Installation Instructions

Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies

Quick Start Guide for VMware and Windows 7

Folder Proxy + OWA + ECP/EAC Guide. Version 2.0 April 2016

Installation & Configuration Guide Version 1.0. TekSMTP Version Installation & Configuration Guide

Dolphin Ocean Server and Dolphin Mobile Client Installation Guide for Android and ios. May 2012

Dell Compellent Storage Center

Monitor Print Popup for Mac. Product Manual.

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE

DocAve for Office 365 Sustainable Adoption

Google Apps Deployment Guide

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

Oracle Business Intelligence Enterprise Edition LDAP-Security Administration. White Paper by Shivaji Sekaramantri November 2008

Advanced Configuration Steps

Oracle Enterprise Single Sign-on Provisioning Gateway. Administrator Guide Release E

How To Install Help Desk Premier

Enroll a Windows Phone 8 Device

HP Project and Portfolio Management Center

Learn More MaaS360 Cloud Extender Checklist (MDM for Blackberry)

Enterprise Knowledge Platform

The cloud server setup program installs the cloud server application, Apache Tomcat, Java Runtime Environment, and PostgreSQL.

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Active Directory Integration

HP Device Manager 4.7

HYPERION SYSTEM 9 N-TIER INSTALLATION GUIDE MASTER DATA MANAGEMENT RELEASE 9.2

BMC Performance Manager Windows Security White Paper DCOM / WMI

Rohos Logon Key for Windows Remote Desktop logon with YubiKey token

CA Nimsoft Service Desk

Egress Switch Reader. User Guide 2.3

Synchronization Agent Configuration Guide

Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP

Perceptive Experience Single Sign-On Solutions

Application Note. ShoreTel 9: Active Directory Integration. Integration checklist. AN June 2009

Quick Start Guide for Parallels Virtuozzo

MadCap Software. Upgrading Guide. Pulse

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

How to configure the Panda GateDefender Performa explicit proxy in a Local User Database or in a LDAP server

Deploying RSA ClearTrust with the FirePass controller

SAML-Based SSO Solution

LDAP User Guide PowerSchool Premier 5.1 Student Information System

Phone Manager Application Support JANUARY 2015 DOCUMENT RELEASE 4.2 APPLICATION SUPPORT

Avatier Identity Management Suite

Océ LDAP Adapter User Guide

CRM to Exchange Synchronization

Virtualization Case Study

VITAL SIGNS Quick Start Guide

Installation Guide. (You can get these files from

Remark FTP Utility. For Remark Office OMR. User s Guide

Implementation Guide for protecting

OPENGATE SMALL BUSINESS SOFTWARE

Adeptia Suite LDAP Integration Guide

Svn.spamsvn110. QuickStart Guide to Authentication. WebTitan Version 5

Product Guide Addendum. SafeWord Check Point User Management Console Version 2.1

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.8

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7

SELF SERVICE RESET PASSWORD MANAGEMENT BACKUP GUIDE

753 Broad Street Phone: Suite 200 Fax: Augusta, GA Copyrights

EQUELLA. Blackboard Learn Configuration Guide. Version 6.2

Flexible Identity Federation

SteelEye DataKeeper Cluster Edition. v7.5. Release Notes

How to Configure Outlook Client for Exchange

CA Spectrum and CA Embedded Entitlements Manager

Client SSL Integration Guide

Understanding Enterprise Cloud Governance

HP Software as a Service. Federated SSO Guide

Transcription:

OpenInsight Single Sign-On (SSO) Version 1.1 A Division of Revelation Technologies, Inc.

COPYRIGHT NOTICE 1996-2014 Revelation Technologies, Inc. All rights reserved. No part of this publication may be reproduced by any means, be it transmitted, transcribed, photocopied, stored in a retrieval system, or translated into any language in any form, without the written permission of Revelation Technologies, Inc. SOFTWARE COPYRIGHT NOTICE Your license agreement with Revelation Technologies, Inc. authorizes the conditions under which copies of the software can be made and the restrictions imposed on the computer system(s) on which they may be used. Any unauthorized duplication or use of any software product produced by Revelation Technologies, Inc., in whole or in part, in any manner, in print or an electronic storage-and-retrieval system, is strictly forbidden. TRADEMARK NOTICE OpenInsight is a registered trademark of Revelation Technologies, Inc. Windows 2000, Windows XP Professional, Windows Vista Business, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2012 and above are registered trademarks of Microsoft, Inc. Part No. 214-965 Printed in the United States of America. 2

Table of Contents SECTION I: OPENINSIGHT SINGLE SIGN-ON (SSO)... 4 SECTION II: EXAMPLES... 6 3

Section I: OpenInsight Single Sign-On (SSO) Introduced in OpenInsight 9.2, Single Sign-On (SSO) allows OpenInsight users and system administrators to simplify their OI security and administrative tasks. By configuring SSO, OpenInsight users can be authenticated via traditional OpenInsight methods, via Windows security, or via a combination of both. To enable SSO, administrators must create or modify a record in the SYSENV table named CFG_LOGIN, or an application-specific record named CFG_LOGIN*<appname> (ie, CFG_LOGIN*EXAMPLES) to configure SSO for the specific application. The layout of the CFG_LOGIN and CFG_LOGIN*<appname> records is: ID: CFG_LOGIN (global) or CFG_LOGIN*<appname> (for a specific application) 1. SSO flag 2. Normal groups] (for SSO flag = 2 only) 3. Admin groups] (for SSO flag = 2 only) 4. System Admin groups] (for SSO flag = 2 only) 5. Validation Mode (for SSO flag = 2 only) If the SSO flag is set to 0 in the CFG_LOGIN*<appname> record, or in the CFG_LOGIN record if no CFG_LOGIN*<appname> record is found (or if neither CFG_LOGIN*<appname> nor CFG_LOGIN record is found), OpenInsight operates in "legacy" mode, continuing to use its existing (legacy) methods for authentication and validation. Usernames and passwords, either entered in response to OpenInsight prompts or passed via command-line parameters, will be checked against OI system records, and the user will either be admitted or denied admittance depending on the entered information. If the SSO flag is set to 1 in the CFG_LOGIN*<appname> record, or in CFG_LOGIN if no CFG_LOGIN*<appname> record is found, OpenInsight operates in "hybrid SSO" mode. No username or password is required for entry (either systemwide if CFG_LOGIN record is used, or in the particular application if CFG_LOGIN*<appname> is used), so long as the username (as logged into Windows) is found in the OpenInsight system records. Administrators must, therefore, continue to create OpenInsight user entries for all valid OpenInsight users, defining which permissions level (normal, admin, or system admin) they should be granted. Hybrid SSO operation is provided mostly as a convenience to users, who need not specify their username and password to enter OpenInsight. If the OpenInsight user is not set as an administrator then an Application Entry Point must be set for the application. If the SSO flag is set to 2 in the CFG_LOGIN*<appname> record, or in CFG_LOGIN if no CFG_LOGIN*<appname> record is found, OpenInsight operates in "strict SSO" mode. No username or password is required for entry (either systemwide if CFG_LOGIN record is used, or in the particular application if CFG_LOGIN*<appname> is used), so long as the user (as logged into Windows) belongs to one of the Windows groups defined in fields 2, 3, or 4. In strict SSO mode, the administrator is not required to enter the user into OpenInsight's system records; they need only ensure that the Windows user is a member of the appropriate group. If the Windows user is a member of any of the groups listed in field 4 (@VM delimited), they are admitted into OpenInsight with System Administrator privileges; if the user is a member of any of the groups listed in field 3 (@VM delimited), they are admitted with Administrator privileges; if the user is a member of any of the groups listed in field 2 (@VM delimited), they are admitted with normal privileges. Note that a user will be admitted with the highest privilege that can be found in any of the groups he or she is a member of. Also note that if the user _does_ have an entry in the OI legacy system records, they will be admitted with the privileges found in the OI system (similar to "hybrid SSO" mode). If the SSO flag is set to 2, field 5 controls how the group information is obtained. If set to 0 (the default), then OpenInsight will communicate with the local LDAP server on the network (such as the Active Directory server) to get group information. If set to 1, then OpenInsight will first communicate with the LDAP server if possible, and then query the local Windows system for the local group information as well. If set to -1, then OpenInsight will only query the local Windows system for the local groups. Note that operating in mode 0 requires an LDAP server on the network. 4

When operating in strict SSO mode, OpenInsight provides a "legacy override" function; when logging in to the SYSPROG application, if the user is NOT a member of any of the specified groups, they will be prompted for their username and password (as though CFG_LOGIN was set to legacy mode). This provides for the possibility that the user groups have been incorrectly specified, for example, preventing the system from becoming inoperable. 5

Section II: Examples ID: CFG_LOGIN 1. 0 The system operates in full legacy mode, similar to all prior versions of OpenInsight ID: CFG_LOGIN 1. 0 ID: CFG_LOGIN*EXAMPLES 1. 1 The system operates in legacy mode for all applications other than EXAMPLES. When logging into the EXAMPLES applications, users need not specify their username and password; however, the username (as logged in to Windows) must exist in the OI system tables for the Examples application. ID: CFG_LOGIN 1. 2 2. win_users]win_remote 3. localadmin]power_users 4. admin The system operates in strict SSO mode (with the exception of the legacy override). Users who wish to access the system must belong to the "admin" group (in which case they are granted system administrator privileges), "localadmin" or "power_users" group (in which case they are granted administrator privileges), or "win_users" or "win_remote" group (in which case they are granted normal user privileges). The information as to which groups are defined will be obtained from the LDAP server on the network. ID: CFG_LOGIN 1. 2 2. win_users]win_remote 3. localadmin]power_users 4. admin 5. 1 The system operates in strict SSO mode (with the exception of the legacy override). Users who wish to access the system must belong to the "admin" group (in which case they are granted system administrator privileges), "localadmin" or "power_users" group (in which case they are granted administrator privileges), or "win_users" or "win_remote" group (in which case they are granted normal user privileges). The information as to which groups are defined will be obtained from both the LDAP server on the network and the local Windows system. 6

7

Revelation Software, Inc 99 Kinderkamack Road Ste 109 Westwood, NJ 07675 U.S.A Toll Free: 800-262-4747 Phone: 201-594-1422 Fax: 201-722-9815 www.revelation.com Revelation Software Ltd. Boundary House Boston Road London, W7 2QE U.K. Phone: +44 0 208 912 1000 Fax: +44 0 208 912 1001 info@revsoft.co.uk BrightIdeas New Zealand 44 Cockle Bay Rd, Howick Auckland, 2014 New Zealand Phone: +64 9 534 9134 info@revelation.asia Revelation Software is a division of Revelation Technologies, Inc. Part No. 214-965

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information