FMS Integration with Windows LDAP for Authentication

Daniel Weiss
We need to hire someone to help us ideally do Single Sign On (SSO) between a FileMaker Web Direct application that is on a corporate network but not on the company’s domain (in the DMZ) but that will authenticate users to their domain via LDAP.

Anyone with experience with this please respond.  

Daniel Weiss
Adatasol Custom Database Solutions
Phone (440) 338-6874
Sales (800) 783-3346
www.adatasol.com
AIM or SKYPE: adatasol

Platinum FileMaker Business Alliance Member

Proud Graduate of the Goldman Sachs 10,000 Small Businesses Program



_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au

Re: FMS Integration with Windows LDAP for Authentication

Jimmy D. Jones
FMS uses AD and OD for authentication, not LDAP. FMS requests authentication from the OS. It does not contact the Authentication service directly. You must set up the Computer to use AD/OD for authentication. This applies to Custom Web Publishing, FMP, FMGo, and WebD.

For DMZ systems I suggest using a Host/Client two-computer setup. Put FMS in the company's LAN so it can use corporate authentication. Put the second client computer in the DMZ. Set up the firewall to allow the required FMS ports for only these two computers' IP addresses.

___________
The opinions expressed in this email are my own and do not reflect those of my employer or anyone else.
Regards,
Ch0c0halic, FileMaker 14 Certified Developer
FileMaker Developer Conference 2017
July 24-26, 2017 • JW Marriott Desert Ridge, Phoenix, AZ
http://www.filemaker.com/learning/devcon/index.html

> On May 3, 2017, at 2:56 PM, Daniel Weiss <[hidden email]> wrote:
>
> We need to hire someone to help us ideally do Single Sign On (SSO) between a FileMaker Web Direct application that is on a corporate network but not on the company’s domain (in the DMZ) but that will authenticate users to their domain via LDAP.
>
> Anyone with experience with this please respond.  

Re: FMS Integration with Windows LDAP for Authentication

Daniel Weiss
Hmmm - there must be another way; we use the server for FM client access outside the domain so it’s not only used for WebDirect access.

What about this thread?

https://community.filemaker.com/thread/84244



> On May 3, 2017, at 7:41 PM, Jimmy D. Jones <[hidden email]> wrote:
>
> FMS uses AD and OD for authentication, not LDAP. FMS requests authentication from the OS. It does not contact the Authentication service directly. You must set up the Computer to use AD/OD for authentication. This applies to Custom Web Publishing, FMP, FMGo, and WebD.
>
> For DMZ systems I suggest using a Host/Client two-computer setup. Put FMS in the company's LAN so it can use corporate authentication. Put the second client computer in the DMZ. Set up the firewall to allow the required FMS ports for only these two computers' IP addresses.

Re: FMS Integration with Windows LDAP for Authentication

Jimmy D. Jones
If you already have FMP access then WebD can use the same accounts. The login is controlled by the DB settings and FMS, not the client. Unless you have additional login requirements beyond what you use with the FMP clients? You will have to enable Web Direct (fmwebdirect) Extended Privilege on those accounts.

The article you mentioned deals mostly with OS level scripting to modify AD settings. It also mentions the OS does the actual transactions with the AD server. If your FMS computer doesn't have access to the internal LAN then it cannot do that communication either.

The 'other way' still requires the OS be able to connect to the AD server. So if it's blocked then there is no way to get AD authentication.

FMS authentication is FMP local accounts, OS local accounts, then AD/OD (if set up) accounts. You can duplicate all the groups and people assignments in the Local OS Server Manager, i.e. the local version of an AD authentication DB. But, that will require duplicating the AD server maintenance work on the local OS.


> On May 3, 2017, at 6:34 PM, Daniel Weiss <[hidden email]> wrote:
>
> Hmmm - there must be another way; we use the server for FM client access outside the domain so it’s not only used for WebDirect access.
>
> What about this thread?
>
> https://community.filemaker.com/thread/84244