Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Afaria integrated with customized authentication

2 posts in General Last posting was on 2008-08-20 15:35:51.0Z
jencheng Posted on 2008-08-20 09:25:44.0Z
From: "jencheng" <jencheng@sybase.com>
Newsgroups: ianywhere.public.afaria.general
Subject: Afaria integrated with customized authentication
Lines: 14
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <48abe318@forums-1-dub>
Date: 20 Aug 2008 02:25:44 -0700
X-Trace: forums-1-dub 1219224344 10.22.241.152 (20 Aug 2008 02:25:44 -0700)
X-Original-Trace: 20 Aug 2008 02:25:44 -0700, vip152.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.afaria.general:116
Article PK: 339

A CT would like to know how Afaria authentication could be integrated into
its "Single Sign-on" mechanism, which is a customized application rather
than a LDAP system. Basically, they wants to do "session authentication".
Once the user login into their "Single Sign-on". Then it could bring the
authentication cookies into Afaria Administration. That means it can let the
user to login into certain Afaria Administration pages dynamically, instead
of login from the top of Afaria Administration. This is because of the
security policy which each application should go through the "single
sign-on" mechanism.


Jencheng


Christopher Heeter Posted on 2008-08-20 15:35:51.0Z
Reply-To: "Christopher Heeter" <SybaseiAnywhere@Live.com>
From: "Christopher Heeter" <SybaseiAnywhere@Live.com>
Newsgroups: ianywhere.public.afaria.general
References: <48abe318@forums-1-dub>
Subject: Re: Afaria integrated with customized authentication
Lines: 40
Organization: Sybase iAnywhere
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <48ac39d7$1@forums-1-dub>
Date: 20 Aug 2008 08:35:51 -0700
X-Trace: forums-1-dub 1219246551 10.22.241.152 (20 Aug 2008 08:35:51 -0700)
X-Original-Trace: 20 Aug 2008 08:35:51 -0700, vip152.sybase.com
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.afaria.general:120
Article PK: 245

Jencheng,
The Afaria Administrator by default uses integrated Windows
Authentication when the website is created in IIS. This means that by
default the user logged into Windows is passed via Internet Explorer to the
web server. The user, under default configuration, should not have to enter
credentials manually.

All access to individual pages are controlled by Access Policy roles
defined within the Afaira Administrator. There is not a way to circumvent
the requirement of checking the user credential against the access policy
roles. If we exposed that we would be creating a big security hole.

If you request a page underneath the site without FIRST having hit the
"Server List page" as your entry point,
http://<ServerName>/Afaria/Common/Mainframe.aspx?Section=Server+List
you will receive an error. After you have entered the through the Server
List page, the credential (I believe) is cached: For example, if you want to
open another tab in IE7, you can visit a page directly.

Thanks,
Chris

"jencheng" <jencheng@sybase.com> wrote in message
news:48abe318@forums-1-dub...
>A CT would like to know how Afaria authentication could be integrated into
>its "Single Sign-on" mechanism, which is a customized application rather
>than a LDAP system. Basically, they wants to do "session authentication".
>Once the user login into their "Single Sign-on". Then it could bring the
>authentication cookies into Afaria Administration. That means it can let
>the user to login into certain Afaria Administration pages dynamically,
>instead of login from the top of Afaria Administration. This is because of
>the security policy which each application should go through the "single
>sign-on" mechanism.
>
>
> Jencheng
>