SS0

[Bastiaan Olij]

Hi Andy,

If you are running IIS this COULDN'T be easier. You simply have IIS
handle this by giving only access to people with the right credentials
to your website. If they are not logged onto the domain however they do
get your basic username/password popup that comes standard with every
browser which isn't the prettiest.

In your (omnis) app you know that IIS has already done all the hard work
for you and you do not need to build in your own security. I am assuming
here off course that your web application uses a logon to your database
that is not bound to the user as you do not have access to the users
password and as far as the database server is concerned the user is the
web server, not the end user who is on the other end.

Obviously you do want to know which user is logged on but this is easy
as IIS sends this through. With the thin client you can capture this
with some server side scripting before giving it to Omnis, not sure how
this would be done with the JSclient or if it is available to Omnis for
the ultra thin client.

On Apache life is a little harder as it requires setting up the
modauthkerb extension but the principle is the same.
http://www.microhowto.info/howto/configure_apache_to_use_kerberos_authentication.html

Cheers,

Bas

On 16/04/13 9:30 AM, Andy Hilton wrote:
> I don't *think* the database login is going to be that hard for a networked user, but my client is also looking for web site SSO as well which I think gets a little trickier ??