|
Don,
You are correct, the application would need to be updated to use the Kerberos Tokens. Those that have done this have tied it to the application menu system where the app already enforces authorization. In the case I’m thinking of the menu was in place already. (It was an older copy of BPCS that already had app authority built in). Lots of work in AD to build the individual menus for each users or groups.
Depending on the size and scope of the app, it’s a big job, or not that complicated. Less than 5 security points might be worth trying. More than that, well it’s a geometric curve in effort.
Jim Oberholtzer
Agile Technology Architects
On Aug 2, 2021, at 1:34 AM, Don Brown via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
We recently set up Single Sign On (SSO) as a Proof of concept (PoC)
This is working and iACS 5250 sessions are able to connect using SSO
Now I am asked how this could be applied to a third part application
which is not something I know much about.
The third party application is authenticating with the IBMi and I can
see the jobs in a user created sub-system with individual user profile names.
From my understanding of SSO when a user attempts to connect to a
system where source and target have been defined in SSO the
application for example iACS 5250 session will send a request to the
SSO source to obtain a token and then pass that token to the IBMi
which process the authentication/Logon.
So I am presuming there may be API's that can be used to do this, a
quick search revealed a lot of EIM related API's
So my question is more along the line of has anyone done this and is
there a roadmap of how to build the components to add SSO to a third
party application ?
Thank you for any feedback
Don
--
This email has been scanned for computer viruses. Although MSD has taken reasonable precautions to ensure no viruses are present in this email, MSD cannot accept responsibility for any loss or damage arising from the use of this email or attachments..
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our
affiliate link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.