Process Mapping Logo

Process Mapping - Forums

Sharing 19 years of knowledge and experience

 
Metastorm BPM forums
Sign up Latest Topics
 
 
 


Reply
  Author   Comment  
frank

New Member
Registered:
Posts: 2
Reply with quote  #1 
Hello,

I have configured an V9.3-engine to use SSO. Now I want to use two authentication modes (SSO and username/password). This should be defined by the URL used by the user.
For example:
http://hostname/metastorm -> SSO
http://hostname/metastormNoSSO -> no SSO - the user has to enter username and password

Is this configuration possible?

Thank you for your help...!

Best regards,
Frank
0
BMellert

Guru
Registered:
Posts: 688
Reply with quote  #2 
It should be possible.  At a minimum you will have to copy your <MBPMhome>\Web (e.g. to <MBPMhome>\WebNoSSO directory) and make the necessary adjustments there (or copy before setting up SSO so most of the login credentials are there).

I'm not as sure about this part, but you will likely need to have both the SSO and non-SSO options in your log-in scripts.

I have to wonder though, if you want the security of SSO, why would you have a non-secured option?  (Actually, I can think of one reason, but it still violates general security.)  There is actually a way -- discovered by accident, confirmed with OpenText -- to get the log-in prompt even in an SSO environment.  We used to have "blank" passwords until we discovered this.
0
JoeOmerta

Veteran
Registered:
Posts: 210
Reply with quote  #3 
Is there a way to enforce passwords using SSO?  Like have it pass the windows credentials?  That way if someone does hit the login.aspx page they can't login as anyone else?
0
frank

New Member
Registered:
Posts: 2
Reply with quote  #4 
Thank you for the advice with login.aspx.
In my case, it works.

One small problem is that the username of the logged in user is still shown in the menu of metastorm BPM. The currently logged in metastorm user is not shown - but it is logged in. There are the ToDo- and Watch-List of this user.
0
JoeOmerta

Veteran
Registered:
Posts: 210
Reply with quote  #5 
That might be an IIS setting.  My test environment has an isolated "MetastormFormsAuth" which forces a login.  That shows the proper username instead of the SSO name.  In IIS, the authentication has Anonymous, ASP .NET, and Forms Authentication enabled.

The normal Metastorm uses SSO and only has ASP .NET and Windows Authentication enabled
0
Jerome

Avatar / Picture

Guru
Registered:
Posts: 5,507
Reply with quote  #6 
One thing I have noticed is that with SSO, if you are not registered, you get logged in anyway, and we do not have the anonymous user facility installed. If you use the role 'everyone' (that we proposed here and Metastorm have picked up in their tips), all those blank and admin forms are available.

A sort of subtle way to get anonymous access without paying for it, in fact....

__________________
Post an example, and we will have a much better idea what the problem is. In about 90% of posts, the problem is one of communication. Examples bridge that gap.
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:


Create your own forum with Website Toolbox!