SS0

H.P. Noppe henk at omnihis.nl
Tue Apr 16 02:56:06 EDT 2013


Hi Andy,

The SSO connections we made were to some web-based healthcare systems like laboratory and integrated health (Dutch: Ketenzorg). What we did was build up a cgilist with username and password (maybe a header list if required) and post this along with the other parameters with HttpPost/Get to the website. The website returns some headers. In these headers there is a line 'Location'. The value of this one is extracted and opened in the browser. See below for an example:

HTTPPost(Hostname,URI,CgiList,HeaderList,Port,Secure,Verify) Returns lSocketNum 
HTTPRead (lSocketNum,iBuffer)     
HTTPClose (lSocketNum)  
Quit method iBuffer

Response:
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Location: https://someurl
Content-Length: 0
Date: Tue, 16 Apr 2013 06:44:48 GMT

The URL behind 'Location' mentioned here is extracted and then opened in the standard browser, with an inline AppleScript (Mac) or via shell32.dll.

We are developing a client/server app and it would be nice if the URL could be opened in some HTML component, but alas the HTML component only supports local HTML files.

Gigagreetz Henk
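
The flow described above (post the credentials, read the 302, open the 'Location' value in the browser) leaves one decision to the client: whether the returned URL should be handed to the OS launcher at all. A sketch of that check, added here as an example and not part of Henk's post; it is written in Python rather than Omnis, and the host name, ticket parameter and allowlist are constructed assumptions:

```python
from urllib.parse import urlsplit

# Constructed sample: the response shown in the post, with a made-up target URL.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "Location: https://portal.example.org/sso/landing?ticket=abc123\r\n"
    "Content-Length: 0\r\n"
    "Date: Tue, 16 Apr 2013 06:44:48 GMT\r\n"
    "\r\n"
)
ALLOWED_HOSTS = {"portal.example.org"}  # assumption: hosts of the partner systems

class RedirectRejected(ValueError):
    """The response must not be turned into a browser launch."""

def parse_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise RedirectRejected("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so store them lowercased
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers

def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS):
    """Return the Location URL only if it is safe to pass to the browser launcher."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 303, 307, 308):
        raise RedirectRejected(f"expected a redirect, got {status}")
    locations = headers.get("location", [])
    if len(locations) != 1:
        raise RedirectRejected("need exactly one Location header")
    url = urlsplit(locations[0])
    if url.scheme != "https":  # blocks http:, file: and other handlers
        raise RedirectRejected("only https targets are opened")
    if url.username or url.password:
        raise RedirectRejected("userinfo in URL")
    if url.hostname not in allowed_hosts:
        raise RedirectRejected(f"unexpected host {url.hostname!r}")
    return url.geturl()
```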



On Apr 15, 2013, at 8:33 PM, Andy Hilton <andyh at totallybrilliant.com> wrote:

> Henk
> 
> Could you expand on this a little bit for me please ?
> 
> What are you posting to, and what are you getting back ?
> 
> Andy
> 
> On Apr 15, 2013, at 2:22 PM, H.P. Noppe <henk at omnihis.nl> wrote:
> 
>> Hi Jean Marc,
>> 
>> Another approach is an HttpPost and open the returned URL in the/a browser. We have done this for several websites.
>> 
>> Gigagreetz Henk
>> 
>> On Apr 15, 2013, at 7:16 PM, Jean Marc Azerad <azerad.jm at wanadoo.fr> wrote:
>> 
>>> Many thanks to all of you guys !
>>> JM
>>> 
>>> 
>>> On 15 Apr 2013, at 19:03, Philip Potter wrote:
>>> 
>>>> Hi,
>>>> 
>>>> You might want to talk to the LDAP server....
>>>> 
>>>> A little demo I have is listed below... this assumes that the local machine has an LDAP server in place for testing... so you may need to point lcComputername to a real LDAP server.
>>>> 
>>>> But gives you an idea... (Clearly I was trying to get the email address for the user...)
>>>> Oh, and it's using Unicode DLL calls, just change the W to an A if not.
>>>> 
>>>> Phil.
>>>> 
>>>> Register DLL ('kernel32','GetComputerNameW','ICM')
>>>> Call DLL ('kernel32','GetComputerNameW',lcComputername,255)
>>>> 
>>>> Register DLL ('advapi32','GetUserNameW','ICM')
>>>> Call DLL ('advapi32','GetUserNameW',lcUserName,255)
>>>> 
>>>> ;  oADODB is defined as an object subtype Automation\ADODB.Connection.6.0
>>>> ;  oOther and oOther2 are just objects.
>>>> ;  lcfields are just character fields.
>>>> Do oADODB.$createobject()
>>>> Calculate oADODB.$provider as "ADsDSOObject"
>>>> Do oADODB.$open('ADSI')
>>>> Calculate lcSQL as con("SELECT cn,mail,name,uid  FROM 'LDAP://",lcComputername,"' WHERE objectClass='user' And samAccountName ='",lcUserName,"'")
>>>> Do oADODB.$execute(lcSQL) Returns oOther
>>>> 
>>>> Do oOther.$getrows(1) Returns oOther2
>>>> 
>>>> Calculate oOther2 as oOther.$fields('mail')
>>>> Calculate lcEmailAddress as oOther.$Fields.$Item(1)
>>>> Calculate lcEmailAddress as oOther2.$value
>>>> 
>>>> Calculate oOther2 as oOther.$Fields('cn')
>>>> Calculate lcDisplayName as oOther2.$value
>>>> 
>>>> Calculate oOther2 as oOther.$Fields('name')
>>>> Calculate lcPrintabledisplayName as oOther2.$value
>>>> 
>>>> Calculate oOther2 as oOther.$Fields('uid')
>>>> Calculate lcMailNickName as oOther2.$value
>>>> 
>>>> Do oADODB.$release()
>>>> 
>>>> Calculate oOther2 as #NULL
>>>> Calculate oOther as #NULL
>>>> Calculate oADODB as #NULL
>>>> 
>>>> Quit method lcEmailAddress
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> On 15/04/2013 17:45, Andy Hilton wrote:
>>>>> My requirement is to 'do it properly' !! Using SAML or encrypted tokens or some other 'secure' way.....
>>>>> 
>>>>> Was that how you achieved it ??
>>>>> 
>>>>> Andy
>>>>> 
>>>>> On Apr 15, 2013, at 12:31 PM, Gary Connor <gary_connor at directline-tech.com> wrote:
>>>>> 
>>>>>> Yes, at least on Windows using Active Directory - I have no clue about implementing SSO on the Mac.
>>>>>> ________________________________
>>>>>> Dr. Gary Connor, PhD, CIO
>>>>>> DirectLine Technologies, Inc.
>>>>>> 1600 N. Carpenter Road
>>>>>> Building D
>>>>>> Modesto, CA 95351
>>>>>> (209) 491-2020
>>>>>> 
>>>>>>> Jean Marc
>>>>>>> 
>>>>>>> Funnily enough this is a topic I have to cover for a client of mine
>>>>>>> !!
>>>>>>> 
>>>>>>> SSO = Single Sign On - i.e. your app opens and picks up the logged
>>>>>>> in credentials of the user from the network and automatically logs
>>>>>>> that user in to your application without them having to sign in
>>>>>>> again......
>>>>>>> 
>>>>>>> I don't actually have an answer for you - although it is on my list
>>>>>>> of 'things I need to get done' in the very near future - so if
>>>>>>> anyone has already done this, let me (and Jean-Marc) know as I will
>>>>>>> happily pay for someone to assist me not re-invent this particular
>>>>>>> wheel :)
>>>>>>> 
>>>>>>> Andy
>>>>>>> 
>>>>>>> On Apr 15, 2013, at 12:18 PM, Jean Marc Azerad
>>>>>>> <azerad.jm at wanadoo.fr> wrote:
>>>>>>> 
>>>>>>>> Hi listers,
>>>>>>>> 
>>>>>>>> A question from one of my customers...
>>>>>>>> 
>>>>>>>> "Is it possible to do SS0 authentication with Omnis Studio?"
>>>>>>>> (currently 4.2)
>>>>>>>> 
>>>>>>>> I don't even understand the question, so I need your help ! Thanks
>>>>>>>> 
>>>>>>>> JM
>>>>>>>> 
>>>>>>>> 
>>>>>>>> _____________________________________________________________
>>>>>>>> Manage your list subscriptions at http://lists.omnis-dev.com
>>>>>>>> 
>>>>> 
>>>> 
>>>> -- 
>>>> 
>>>> P G Potter, 11 Regency Court, Mickle Trafford, Chester, UK.
>>>> 



