SSO

Hi all,

I have doubts about how single sign-on systems differ, and about what they mean for the security of the network. I don't understand how the user receives a single password to access all systems. I don't understand whether that system sits in the database or in a system on which the database resides. Please can someone explain?

Hello
The answer to your question could cover a lot of ground. Usually single sign-on nowadays implies LDAP and could provide access to hosts on a network, and to the databases and web services on those hosts and guests. In my experience a lot of places use the Microsoft version of LDAP, Active Directory, to provide access to shared services such as e-mail and printers etc. Oracle of course have their own LDAP but I've never worked in an environment where it has been used to set up database access for what is known as a 'global' user.
In the end, security is only as good as the base product, and as strong as the firewalls and passwords are.

Regards
Pete

Tags: Database

Similar Questions

  • Microsoft - Google SSO

    Dear All;

    I have set up "Windows 2012 R2 - AD FS" to deploy SSO for Google Apps, using the following guide:

    https://shuggill.WordPress.com/2012/01/12/setting-up-Google-Apps-single-sign-on-SSO-with-ADFS-2-0-and-a-custom-STS-such-as-IdentityServer/

    but I got an error trying to authenticate. I contacted Google and they replied with the following:

    - "In the SAML section saml:issuer = urn:oasis:names:tc:saml:2.0:assertion "> you must include only google.com here, and you have included your domain name in this setting."

    - In your SAML response, there is no NameID present, which means that when we receive your confirmation of SAML information, there is no e-mail in the call, so we do not have anyone to authenticate.

    Now, I don't know how to apply it, please help

    Hello

    Kindly post your question in the TechNet Server Forums, as your question is beyond the scope of these forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • SSO not working with RemoteApps

    Hello everyone,

    I am facing a very strange situation while trying to troubleshoot SSO for RemoteApps in Windows Server 2012 R2. Everything is installed and configured correctly. I ran the commands:

    Import-Module RemoteDesktop

    Set-RDSessionCollectionConfiguration -CollectionName "RemoteApps" -CustomRdpProperty "authentication level:i:0"

    Set-RDSessionCollectionConfiguration -CollectionName "RemoteApps" -CustomRdpProperty "alternate full address:s:remote.ccim.com"

    Added <> domainname.com> policies allow delegating default credentials and forced gpupdate

    Added the name of the server individually to the policy allow delegating default credentials

    Checked and confirmed that the registry entry is updated according to the changes of policy

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]

    "AllowDefaultCredentials" = DWORD: 00000001

    "ConcatenateDefaults_AllowDefault" = DWORD: 00000001

    "AllowDefCredentialsWhenNTLMOnly" = DWORD: 00000001

    "ConcatenateDefaults_AllowDefNTLMOnly" = DWORD: 00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]

    ' 1 '=' "TERMSRV /".

    ' 2 '=' "TERMSRV /".

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly]

    ' 1 '=' "TERMSRV /".

    ' 2 '=' "TERMSRV /".

    Made sure that the policy 'Always prompt for password upon connection', located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security, is not set to "Not configured". Changed it to 'Disabled'.

    However, the situation is still the same: I log on to the remote web app page with my credentials and try to start, let's say, Word, and a logon window appears saying:

    Your credentials did not work.

    When I enter my credentials they do not work and it asks me to enter them again.

    At the same time, a strange record appears in the event viewer:

    New RemoteApp and desktop connection (RDS01.domain.com) is started by the user (esy8OkZAZ94BHhbY + 3 + KU95NykY =) without authentication credentials

    Could you please give me a hint on what to do next, and whether I missed something?

    UPD: I did a few tests. When I log on to remote.domain.com from outside the organization, I enter credentials on the first connection page. Then I try to run Word, it asks for the credentials again, I enter them and everything works. When I go to the terminal server and go to remote.domain.com, I enter the credentials on the first connection page. Then I try to run Word, and a window with 'Your credentials did not work' is displayed. The certificate is signed by a CA and shown as OK in Internet Explorer.

    UPD1: also, when trying to launch a published web app, this event is logged:

    Object:
    Security ID: NULL SID
    Account name: -.
    Account domain: -.
    Logon ID: 0x0

    Logon type: 3

    The account to which the connection failed:
    Security ID: NULL SID
    Account name: magent
    Domain account: cciminstitute

    Failure information:
    Reason for the failure: an error occurred during logon.
    Status: 0xC000006D
    Void / status: 0x0

    Process information:
    Calling process ID: 0x0
    The name of the calling process: -.

    Network information:
    Name of the workstation: CMIC-RDS01
    Source network address: -.
    Source port: -.

    Detailed authentication information:
    Process connection:
    Authentication package: NTLM
    Transited Services: -.
    Package Name (NTLM only): -.
    Key length: 0

    Hello

    Kindly post your question in the TechNet Server Forums, as your question is beyond the scope of these forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • SSO on vworkspace 8.0

    Hello

    I'm not able to get SSO to work for seamless window applications. I use Wyse ThinOS ver 8. In wnos.ini I have SignOn = Yes, and currently when I start the first seamless window application, I am prompted to enter the user password. All additional seamless windows start without asking for a password.

    Any idea?

    Thanks in advance, Robert

    Thank you, Andrew, for the follow-up.

    I have solved the problem, so you can ignore the case.

    The problem is within the RDP security layer parameters: the value was RDP Security Layer; with Negotiate it works.

    Robert

    On Monday, January 13, 2014 at 09:39, Andrew Wood

  • WebWorks app and E-SSO

    Hello, hoping someone can help me solve this little problem.  I have a WebWorks app running in the work perimeter that makes a call to a web server using jQuery ajax. The web server expects the user to be authenticated; from what I've read about Enterprise SSO, this should be available out of the box, but I do not get the login prompt?

    E-SSO is configured on the BES/device and I tested it.  If I navigate to the same URL in the work browser, I can authenticate and retrieve the data (JSON); the credentials are then cached and used on future attempts.

    Is E-SSO supported with jQuery? Do I need to enable/check any services within the WebWorks app?

    Thank you

    Hello

    Yes, it's a platform bug.  Thanks for bringing it to our attention.  I do not have exact timelines, but 10.3.2 will be out soon.

    Thank you

    Naveen M

  • Finesse SSO Bypass URL

    Dear users of the forum.

    I know there are URLs to bypass SSO for UCCX Administration and Serviceability, but is there one for Finesse? My customer is having some problems with Finesse and we suspect it might be the associated SSO, which was activated after they upgraded to UCCX 11.5.

    • URL for Cisco Unified CCX Administration: https:///appadmin/recovery_login.htm

    • URL for Cisco Unified CCX Serviceability: https:///uccxservice/recovery_login.htm

    Thank you, Tim.

    Tim, there is no bypass URL for Finesse like the one for CCX Administration. The only option in case SSO does not work will be to turn it off and let the agents log in and authenticate either against CM or LDAP where CM is integrated with AD.

    Regards

  • SSO on Cluster CUCM

    Hello

    Question: if I activate single sign-on on my CUCM cluster, does this mean that I must use SSO on all endpoints, such as Jabber or TSP? We use CUCM 10.5.

    If possible, I would like to start with TSP using SSO, and also be able to use Jabber.

    Kind regards

    René

    It is not possible. Once you enable single sign-on on your cluster, Jabber automatically detects it and attempts to use it.

  • SSO on Cisco WSA

    Hello

    Can someone give me a link concerning the implementation of SSO on the WSA (the procedure)?

    With NTLM authentication, must the account already exist on the AD server, or can it be created on the WSA to be accepted by the AD server?

    Best regards

    Hello

    User accounts must already exist in Active Directory for single sign-on to work. Now, are you asking about single sign-on, or do you just want your users to authenticate transparently when opening IE?

    Erik K.

  • What product supports offline AD SSO

    Hello

    I read that Cyberoam supports offline AD for SSO. It copies the user data from AD. So when AD is down, SSO may still work correctly.

    Question:

    1. Which Cisco products from this list support that?

    a. WSA

    b. ESA

    c. CUCM

    d. ISE

    Thank you

    The closest to this feature is using WSA with CDA (Context Directory Agent), which serves as an authentication agent, providing the WSA with the users' information and storing it in its local cache, so that when the AD server is offline, authentication will continue to work.

    With CDA patch 2, it can now work with ISE as well.

    Please see below for the overview:

    http://www.Cisco.com/c/en/us/TD/docs/security/IBF/cda_10/Install_Config_guide/cda10/cda_oveviw.html

  • Problems with the management of the CSC/Cisco site (SSO-related)

    Dear friends,

    I came across a problem with the single sign-on (SSO) used on the Cisco website and CSC which is becoming more and more awkward:

    1. I visit the CSC and log in to reply to a thread. Then I start replying to a message.
    2. While replying, I need to consult technical documentation, configuration guides or other documents on the Cisco website. In another tab in my browser, I visit the Cisco website and do my searching/browsing.
    3. At some point, the Cisco website recognizes that I am already logged in to the CSC and begins to produce URLs with a /partner/ component inside (for example in the search results). Clicking on such a URL causes me to be redirected to the login page again. This is the first issue: why do I have to log in again when I am already logged in and SSO is supposed to take care of this?
    4. Well, I re-enter my credentials, get logged in, access the necessary document, then I go back to my post on the CSC, finish it and submit it. KABOOM - CSC promptly informs me that I do not have permission to perform this action, losing my reply in the process! Logging in to the Cisco website (as described in step 3) obviously invalidated my current session on CSC! I need to log in to CSC again (until I do that, it considers me a guest once again, but when I click on the login link, I am suddenly logged in without entering my credentials) and, well, write my reply again. Sometimes a part is recoverable, but usually it is only a small fragment.

    Would it not be possible to correct this behavior? I have lost a lot of time rewriting my lost replies.

    Best regards

    Peter

    Hi Peter,

    I wanted to give you a quick update on the two issues.

    First issue:

    We are currently working on a long-term and a short-term fix for this problem. Unfortunately the long-term solution will be a drawn-out effort as we begin our new data of all content in our heritage Center. The team is currently testing the short-term solution; I will keep you posted on the progress as I get more details.

    Second issue:

    We are currently doing root cause analysis of this problem and will give you an update each week on this issue until we deploy the patch.

    Thanks a lot again for your continued support and patience.

    Sainaba.

  • AD SSO with Server 2008

    Hello

    I have Windows Server 2008 running with NAC 4.7.2 but all users are running XP. Is AD SSO possible or not? Because according to Cisco, Vista must be installed.

    "You need to use Windows Server 2008 machines with KTPass version 6.0.6001.18000, and the client must be running Windows Vista with Cisco NAC Agent version 4.7.1.15 installed, to ensure that you are able to maintain FIPS 140-2 compliance and support AD SSO."

    Is there a workaround?

    Nameair,

    Workaround: forget KTPASS exists!

    Check your settings against this link and ensure that accounts are displayed correctly, as they are in AD:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/CAs/s_adsso.html#wp1300720

    HTH,

    Faisal

    --

    If you find this article useful, please rate it so that others can easily find the answer

  • NAS SSO service could not be started.

    Hello

    I have a problem: I can't start the SSO service on my NAS server in inline mode, but the service works well on my two NAS that are deployed in OOB mode.

    It gives an error that it could not start the service, please check the configuration. I checked the nas_server.log logs and I get the following error; any idea about it?

    Regards

    Waqas

    Waqas,

    From an SSH session on the CAS, can you ping the server and post the response?

    Faisal

  • NAC OOB AD SSO

    Hello

    I am configuring OOB SSO on the NAC with AD. The software on my CAS and the CAM is 4.7(2)

    and my ad is Windows Server 2008.

    I have some information I must not run ktpass with this version of the software of the NAC (4.7.2)

    on the AD server. Is this true? Because I found this kind of information in any textbook.

    So should I run ktpass, and if I do, what version should I use?

    Thank you

    Zoran,

    Check out this link. Even though it says it's for 4.8, it works with 4.7.2 also:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/CAs/s_adsso.html#wp1300720

    HTH,

    Faisal

  • Urgent - NAC V 4.8 AD SSO for WIN 2008 64 bit support

    Hi all

    Does Cisco NAC V 4.8 support AD SSO with Win 2008 64-bit? I want to configure AD SSO on Win 2008 64-bit without running the KTPass command.

    I tried on 32-bit Win 2008 and it works great, but the customer needs to upgrade their AD to Win 2008 64-bit. Waiting for your valuable answers.

    Regards

    Dietsch

    Dietsch,

    It's supported (R2 and Enterprise only!). Check table 7 on this page:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/support_guide/agntsprt.html#wp66672

    HTH,

    Faisal

  • SSO and IIS 7.5

    Does anyone have advice on how to configure JBoss 7.1.1.Final to enable SSO using IIS 7.5 with Integrated Windows Authentication? This used to be a simple process on CCP 9.3.2 but I have had no luck configuring JBoss 7.1.1.Final to use SSO. The logs always just show "LoginId not found for SSO in HTTP header".

    I installed IIS redirection successfully using the ISAPI filter to connect to the application for an SPC, but got no further.

    I think that the standalone-full.xml file needs to be changed in some way to allow the standards body, ideas?

    Hello

    We have solved this problem; it is a known bug with JBoss 7.1.1 where headers are not passed through correctly. TAC gave us a patched version of a JBoss JAR file to solve this problem.

  • Supported Macintosh SSO in the NAC version 4.7.2

    Is it possible to do SSO with a Macintosh using the latest agent and NAC version 4.7.2?

    (I have not seen documentation on it.)

    Thank you!

    Bob

    Bob,

    VPN SSO: yes.

    AD SSO: no.

    HTH,

    Faisal
