SS0

[Flurin Sievi]

Hello

> "Is it possible to do SS0 authentication with Omnis Studio?" (currently 4.2)

Assuming that Omnis Studio is talking to a database server and not doing standalone stuff, yes, it's possible. 

You need something to do the user management (we use OpenLDAP here), and something to handle SSO ("MIT Kerberos" in our case, but moving toward Heimdal). Then, you configure the database server to act as a kerberos service. From this moment, your SSO environment is up and running.

Omnis provides front-end stuff and has nothing to do with authentication. It serves a login window, and you pass username/password over an SSL connection to the database server. The database then checks login credentials against the LDAP server (we don't use SSO in this part, but that's always a security-versus-comfort thing).

It's a PITA to configure the kerberos stuff (or at least it was for me.. :) under Linux, I don't know how you do it with Windows, and on Mac Servers there used to be a button in "Server Admin.app" called "kerberize service"…, but I don't know about the situation with OS 10.8.x . But it's running extremely stable, and I never experienced problems with the Kerberos part for years. 

Regards,
f.