Active Directory Integration

Active Directory Integration

  
HI All,
WE are trying to get single sign on via Active Directory working. WE have integrated to AD but cannot see how we can get the sytem to permission so the user once signed on to the network does not have to sign on again to the applications we have built on the Platform.

Regards

Sandy Purbrick

Hi Sandy,

Are you using the same User Provider eSpace for all the modules that belong to the applications you want single sign-on to be activated?

User Provider is the concept that allows the implementation of Single Sign on on OutSystems. You can check more about it here:

https://www.outsystems.com/help/servicestudio/9.1/index.htm#t=Unifying_eSpaces%2FSingle_Sign-on.htm

Hi, I want integrate via AD i.e sign on to AD and no sign on to Outsystems- THis is what I mean by single sign. WE are doing single sign on when we are only authenticating against Outsystems but I want to sign on via AD
 
Hi,

But are you using the native capabilites of the platform to integrate with AD as defined here:

 http://www.outsystems.com/help/servicestudio/9.1/#t=Handling_security%2FConfiguring_End-User_Authentication.htm

If so. you still need the User Provider configuration to be correct.

Regards.


Carlos Sousa wrote:

Hi,

But are you using the native capabilites of the platform to integrate with AD as defined here:

 http://www.outsystems.com/help/servicestudio/9.1/#t=Handling_security%2FConfiguring_End-User_Authentication.htm

If so. you still need the User Provider configuration to be correct.

Regards.


Carlos,

If you wanted to set it to be active directory.  If they have already authenticated to the AD before they open the outsystems page, is there a way to "see" this authorization when they first load the page so that they would not have to authenticate again through the webpage?  We have done this on CAS but not on AD.


Hi Jason,


If I understand your question properly, what you describe is the behavior provided by the Integrated Authentication. Am I correct?


If so you can use this feature in a very simple way with OutSystems. Check this article http://www.outsystems.com/help/servicestudio/9.1/#t=Handling_security%2FAbout_Integrated_Authentication.htm


Hope it helps.

Carlos Sousa wrote:

Hi Jason,


If I understand your question properly, what you describe is the behavior provided by the Integrated Authentication. Am I correct?


If so you can use this feature in a very simple way with OutSystems. Check this article http://www.outsystems.com/help/servicestudio/9.1/#t=Handling_security%2FAbout_Integrated_Authentication.htm


Hope it helps.

Carlos,

Ok - assuming that I set the platform authentication method to be Active Directory and have it set up correctly, I will still manually create users as needed in the OutSystems users table where the username is Domain/Username.  Then when someone opens a page, if the getuserid() returns null I can run IntegratedSecurityGetDetails which should return their domain username if they are logged in.  I could then search users to find a user with that username and if found log them into outsystems and proceed with the page load.  If not, forward then I need to forward them to an AD login page which should act just like they are logging into OutSystems as the platform should use AD to authenticate them.  This is of course assuming the platform stack is .net.  Am I correct in the above?