Discussion:
Single Signon
(too old to reply)
Han van Schie
2005-10-19 07:47:09 UTC
Permalink
I am looking for a PHP and/or PERL script for Single Signon in a Netware environment. Once a user is authenticated in the normal way using the Client32, he/she doesn't have to authenticate to sites in the Intranet.
To make it more complicated, he/she can or can not fill in certain fields in a Webform depending of the NDS GROUP one is member of.

Is there such a script or do I have to look for a standard Novell product?

Many thanks
Christian Hofstaedtler
2005-10-19 11:09:40 UTC
Permalink
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.

hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a Netware environment. Once a user is authenticated in the normal way using the Client32, he/she doesn't have to authenticate to sites in the Intranet.
To make it more complicated, he/she can or can not fill in certain fields in a Webform depending of the NDS GROUP one is member of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Han van Schie
2005-10-19 12:29:12 UTC
Permalink
But iChain and Bordermanager are just applications for the outside going in. I look for a solution for the Intranet, Identity Manager (DirXml) offers this solution but look at the costs.

Thanks for your reply, Christian
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.

hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a Netware environment. Once a user is authenticated in the normal way using the Client32, he/she doesn't have to authenticate to sites in the Intranet.
To make it more complicated, he/she can or can not fill in certain fields in a Webform depending of the NDS GROUP one is member of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Guenter Knauf, DevNet SysOp 32
2005-10-19 13:37:16 UTC
Permalink
Hi Han,
it depends on how secure this has to be;
f.e. there are ident daemons which can run on Win32 workstation:
http://www.gknw.com/mirror/identd/
the username identd provides can then be accessed from Apache with a
variable...
another approach I had in mind is to search for the IP the user comes from
in the server's connection table, and if a match is found the user seems to
be logged-in with a client, and then use that username....
I did even code an Apache module for testing that - however only for Apache
1.3.x since the functions I had to use were only available in clib...
but it should be possible to just do the same with Nscript, Perl, or PHP if
you use the UCS/UCX components....

Guenter.
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside going
in. I look for a solution for the Intranet, Identity Manager (DirXml)
offers this solution but look at the costs.
Thanks for your reply, Christian
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.
hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a
Netware environment. Once a user is authenticated in the normal way
using the Client32, he/she doesn't have to authenticate to sites in the
Intranet. To make it more complicated, he/she can or can not fill in
certain fields in a Webform depending of the NDS GROUP one is member
of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Guenter Knauf, DevNet SysOp 32
2005-10-19 15:39:38 UTC
Permalink
Hi Han,
it depends on how secure this has to be;
f.e. there are ident daemons which can run on Win32 workstation:
http://www.gknw.com/mirror/identd/
the username identd provides can then be accessed from Apache with a
variable...
another approach I had in mind is to search for the IP the user comes from
in the server's connection table, and if a match is found the user seems to
be logged-in with a client, and then use that username....
I did even code an Apache module for testing that - however only for Apache
1.3.x since the functions I had to use were only available in clib...
but it should be possible to just do the same with Nscript, Perl, or PHP if
you use the UCS/UCX components....

Guenter.
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside going
in. I look for a solution for the Intranet, Identity Manager (DirXml)
offers this solution but look at the costs.
Thanks for your reply, Christian
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.
hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a
Netware environment. Once a user is authenticated in the normal way
using the Client32, he/she doesn't have to authenticate to sites in the
Intranet. To make it more complicated, he/she can or can not fill in
certain fields in a Webform depending of the NDS GROUP one is member
of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Guenter Knauf, DevNet SysOp 32
2005-10-19 17:20:42 UTC
Permalink
Hi Han,
I've just hacked a php script which shows my idea I described:
http://www.gknw.com/php/phpscripts/nwwhoami.php
its very easy to make a Perl script out of this if you prefer...

Guenter.
Post by Guenter Knauf, DevNet SysOp 32
Hi Han,
it depends on how secure this has to be;
http://www.gknw.com/mirror/identd/
the username identd provides can then be accessed from Apache with a
variable...
another approach I had in mind is to search for the IP the user comes
from in the server's connection table, and if a match is found the user
seems to be logged-in with a client, and then use that username....
I did even code an Apache module for testing that - however only for
Apache 1.3.x since the functions I had to use were only available in
clib... but it should be possible to just do the same with Nscript,
Perl, or PHP if you use the UCS/UCX components....
Guenter.
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside
going in. I look for a solution for the Intranet, Identity Manager
(DirXml) offers this solution but look at the costs.
Thanks for your reply, Christian
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.
hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a
Netware environment. Once a user is authenticated in the normal way
using the Client32, he/she doesn't have to authenticate to sites in
the Intranet. To make it more complicated, he/she can or can not fill
in certain fields in a Webform depending of the NDS GROUP one is
member of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Alex Warmerdam
2005-10-19 18:45:12 UTC
Permalink
D.d. Wed, 19 Oct 2005 15:39:38 GMT, "Guenter Knauf, DevNet SysOp 32"
<***@novell.com> schreef het volgende:

Hi,

Isn't VO doing this allready. At least with nw65sp3 it just seem to be
the case.

If it is run from a workstation that allready has an ncp authenticated
connection it does use that one.
Post by Guenter Knauf, DevNet SysOp 32
Hi Han,
it depends on how secure this has to be;
http://www.gknw.com/mirror/identd/
the username identd provides can then be accessed from Apache with a
variable...
another approach I had in mind is to search for the IP the user comes from
in the server's connection table, and if a match is found the user seems to
be logged-in with a client, and then use that username....
I did even code an Apache module for testing that - however only for Apache
1.3.x since the functions I had to use were only available in clib...
but it should be possible to just do the same with Nscript, Perl, or PHP if
you use the UCS/UCX components....
Guenter.
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside going
in. I look for a solution for the Intranet, Identity Manager (DirXml)
offers this solution but look at the costs.
Thanks for your reply, Christian
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.
hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a
Netware environment. Once a user is authenticated in the normal way
using the Client32, he/she doesn't have to authenticate to sites in the
Intranet. To make it more complicated, he/she can or can not fill in
certain fields in a Webform depending of the NDS GROUP one is member
of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Ben Eisemann
2005-10-20 17:56:10 UTC
Permalink
Guenter,

I tried your first solution and it worked... almost. It seems to be pulling the windows username, and not the netware client username. Is there anyway to get it to pull the netware client username?


God Bless,

Ben T. Eisemann
Web Developer
Lancaster Bible College and Graduate School
www.LBC.edu
Hi Han,
it depends on how secure this has to be;
f.e. there are ident daemons which can run on Win32 workstation:
http://www.gknw.com/mirror/identd/
the username identd provides can then be accessed from Apache with a
variable...
another approach I had in mind is to search for the IP the user comes from
in the server's connection table, and if a match is found the user seems to
be logged-in with a client, and then use that username....
I did even code an Apache module for testing that - however only for Apache
1.3.x since the functions I had to use were only available in clib...
but it should be possible to just do the same with Nscript, Perl, or PHP if
you use the UCS/UCX components....

Guenter.
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside going
in. I look for a solution for the Intranet, Identity Manager (DirXml)
offers this solution but look at the costs.
Thanks for your reply, Christian
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.
hth,
/ch
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a
Netware environment. Once a user is authenticated in the normal way
using the Client32, he/she doesn't have to authenticate to sites in the
Intranet. To make it more complicated, he/she can or can not fill in
certain fields in a Webform depending of the NDS GROUP one is member
of.
Is there such a script or do I have to look for a standard Novell product?
Many thanks
Guenter Knauf, DevNet SysOp 32
2005-10-20 20:04:42 UTC
Permalink
Hi Ben,
Post by Ben Eisemann
I tried your first solution and it worked... almost. It seems to be
pulling the windows username, and not the netware client username. Is
there anyway to get it to pull the netware client username?
I dont think so - I have just checked; however it might be possible to do
an object search with the username you have unique usernames...

but - as you might have seen already - its a quick hack from another quick
hack which just displays all connections:
http://www.gknw.com/php/phpscripts/tstucxconn2.php

also there are other problems - please see also the php forum where's
another reply...

to all (not Ben, he did): please keep an eye on the targeted newsgroups,
and make sure that this thread targets both newsgroups! thanks!

and just another hint: NTLM would be something which we could use - however
all C stuff I tried so far had problems....

now with the new Apache 2.1.x authentication model it would be so cool if
someone would write a NTLM provider....

for PHP there seems to be a class:
http://www.phpclasses.org/browse/package/1888.html
however I was too lazy to register - if some does and gets the file please
mail me and I take a look what we can do with it...

Guenter.
Alex Warmerdam
2005-10-21 07:34:36 UTC
Permalink
D.d. Thu, 20 Oct 2005 20:04:42 GMT, "Guenter Knauf, DevNet SysOp 32"
<***@novell.com> schreef het volgende:

Hi,
Post by Guenter Knauf, DevNet SysOp 32
now with the new Apache 2.1.x authentication model it would be so cool if
someone would write a NTLM provider....
Get the source code for ntlm i would say :)
http://www.geniuz.cz/ntlm/

John Bodoni
2005-10-19 16:43:24 UTC
Permalink
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside going in. I look for a solution for the Intranet, Identity Manager (DirXml) offers this solution but look at the costs.
Bordermanager is a proxy for outbound traffic.

John
Christian Hofstaedtler
2005-10-19 18:18:49 UTC
Permalink
Post by John Bodoni
Post by Han van Schie
But iChain and Bordermanager are just applications for the outside going in. I look for a solution for the Intranet, Identity Manager (DirXml) offers this solution but look at the costs.
Bordermanager is a proxy for outbound traffic.
Well, I don't see how dirxml can help you here; if you are writing the
application, just let it use ldap and your edirectory tree.
BM can do reverse and forward acceleration and authentication, so this
would probably do what I think of single sign on...

/ch
John Bodoni
2005-10-19 12:26:42 UTC
Permalink
Post by Christian Hofstaedtler
Well, BorderManager and/or iChain are "known" to do just that; can't
remember right now which of them will do true single sign on (with
Windows client and stuff) though.
BorderManager has CLNTRUST.EXE

John
Guenter Knauf, DevNet SysOp 32
2005-10-19 17:26:01 UTC
Permalink
Hi Han,
one thing for next posts: if you want to post the same to more than one
group as you just did (perl and php) then please do that with _one_ post
where you simply add the second or third group separated with comma - just
see this post....

and to all others: please reply from now on to this reply only, or add self
the second missing group, or we will end up with 50% of the thread in perl
forum and 50% of the thread in the php forum, and many who post either here
or there dont know what others posted to the same thread in the other
group...

thanks, Guenter.
Post by Han van Schie
I am looking for a PHP and/or PERL script for Single Signon in a Netware
environment. Once a user is authenticated in the normal way using the
Client32, he/she doesn't have to authenticate to sites in the Intranet.
To make it more complicated, he/she can or can not fill in certain
fields in a Webform depending of the NDS GROUP one is member of.
Is there such a script or do I have to look for a standard Novell
product?
Many thanks
Continue reading on narkive:
Loading...