× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2021

Re: SSO from user application

Don,

You are correct, the application would need to be updated to use the Kerberos Tokens. Those that have done this have tied it to the application menu system where the app already enforces authorization. In the case I’m thinking of the menu was in place already. (It was an older copy of BPCS that already had app authority built in). Lots of work in AD to build the individual menus for each users or groups.

Depending on the size and scope of the app, it’s a big job, or not that complicated. Less than 5 security points might be worth trying. More than that, well it’s a geometric curve in effort.

Jim Oberholtzer
Agile Technology Architects



On Aug 2, 2021, at 1:34 AM, Don Brown via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

We recently set up Single Sign On (SSO) as a Proof of concept (PoC)

This is working and iACS 5250 sessions are able to connect using SSO

Now I am asked how this could be applied to a third part application which
is not something I know much about.

The third party application is authenticating with the IBMi and I can see
the jobs in a user created sub-system with individual user profile names.

From my understanding of SSO when a user attempts to connect to a system
where source and target have been defined in SSO the application for
example iACS 5250 session will send a request to the SSO source to obtain
a token and then pass that token to the IBMi which process the
authentication/Logon.

So I am presuming there may be API's that can be used to do this, a quick
search revealed a lot of EIM related API's

So my question is more along the line of has anyone done this and is there
a roadmap of how to build the components to add SSO to a third party
application ?

Thank you for any feedback

Don




--
This email has been scanned for computer viruses. Although MSD has taken reasonable precautions to ensure no viruses are present in this email, MSD cannot accept responsibility for any loss or damage arising from the use of this email or attachments..
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.