cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO with LDAP

Go to solution
Former Member

on ‎09-28-2007 7:09 PM

0 Kudos

I'm using LDAP (Active Directory) for authentication to xMII and it works great! I'd like users to not even be challenged to authenticate when theylaunch xMII (assuming they're a valid xMII user).

I couldn't find any threads on the forum that specifically addressed this issue.

Any help would be appreciated!

David

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-01-2007 12:39 PM
0 Kudos

David,

You could do something like this as the link for loging into xMII:

<i><b>http://<ServerName>/Illuminator/PortalLogin.jsp?IllumLoginName=Admin&IllumLoginPassword=Admin&session=true&target=/Lighthammer</b></i>

Where IllumLoginName is the user and IllumLoginPassword is the password for that user.

I advice to be careful with this method as the credentials are exposed in the url. Creating a generic user with just the credentials needed would work nicely in combination with this method.

Hopefully this is close to what you were looking for.

Show replies
Show replies
Former Member
‎10-02-2007 2:06 PM
0 Kudos

Hi, Alin.

Change http:// to https:// and you can reduce the security threat quite a bit.

Rick

Answers (2)

Answers (2)

erik_schrampf
Active Participant
‎10-02-2007 1:36 PM
0 Kudos

David,

The logging out is just how NTLM works as you are always logged in and there are no ways around it. If this is a problem I would suggest not using NTLM. I would also suggest looking at note 1041936 as it deals with disabled xMII users and NTLM.

Erik

Show replies
Show replies
Former Member
‎10-02-2007 2:02 PM
0 Kudos

Thanks, Eric. I looked at the note - I don't think that would benefit me as I'm using LDAP. Our plan for disabling users is to remove them from all the "xMII-mapped" Active Directory groups. I'll remove the 'Logout' link from the style sheet and call it good.

Former Member
‎10-02-2007 2:04 PM
0 Kudos

Isn't NTLM also being removed from UME (and therefore V12) at some point due to security concerns?

Former Member
‎10-18-2007 3:00 PM
0 Kudos

Yes, NTLM is replaced with Kerberos Authentication on 12.0. Since we no longer have our security manager in 12.x, all security and SSO concerns are done through the Netweaver UME and system configuration.

They can ask their netweaver administrator to setup the proper Kerberos Authentication modules on their NetWeaver server. Or look on the online help for NetWeaver.

jamie_cawley
Advisor
Advisor
‎10-01-2007 2:27 PM
0 Kudos

You could try using ntlm. Check the help docs for more information. I wouldn't suggest Alin's approach, as it will not work in version 12.0.

Regards,

Jamie

Show replies
Show replies
Former Member
‎10-01-2007 8:45 PM
0 Kudos

I'll try NTLM. I had used that previously before we started using LDAP for authentication but I wasn't sure if it would work with LDAP.

Former Member
‎10-02-2007 1:19 PM
0 Kudos

NTLM seems to work OK though we still need to test it with users w/o rights to xMII. The only issue I see is logging off. When I click on Logout, it runs relogin.jsp and automatically logs me back in again.

Ask a Question