08-04-2011 04:35 AM
Hello,
i would like to integrate Ciscoworks lms 4,0 with WEB-SERVER(Third Party) for Authenticating Users Navigating Through the Third Party as Single Sign On (Portal SSO).
This application provide a functionally launching management data and functionality thru simple one-click operations for Interacting With CiscoWorks Homepage .
My question is:
There is any document or any suggestions to do this?
Thanks.
08-07-2011 11:26 AM
LMS does not support thins kind of single sign-on. If you want to be able to authenticate users through a centralized server, that server must be one of TACACS+, Radius, or LDAP. A portal-based SSO will not work.
08-08-2011 05:49 AM
Thank you Joseph for your collaboration.
Ok, what about “External Authentication with CiscoSecure ACS for Authenticating Users Using SSO Server ?
Cisco ACS provides a central RADIUS authentication gateway that can be configured for multiple back-end as LMS and Cisco Security Manager .
I explane better:
Actualy, I have Cisco Secure ACS Server integrated with LMS 4.0 and Cisco Security Manager.
Suppose that:
Single Sign On is designed as an easy to deploy and use technology. It integrates
directly into Microsoft’s Active Directory and negates the need for additional User
Security databases. Single Sign On consists of two core elements: a Radius Server and
Authentication server. The Authentication server is directly integrated with LDAP or
Active Directory in real time.
You think that will work in this way?
08-08-2011 08:12 AM
I'm not sure. We did not test it. I don't think it will, though. You have to go to the LMS page to authenticate. Regardless of whatever tokens you may have from your SSO system, LMS will still need its own. Therefore, if you authenticate through your portal, then go to LMS, LMS will still prompt you for its own authentication. Only then will it contact the AAA server to validate.
08-09-2011 12:59 AM
Yes, i know that LMS will still prompt you for its own authentication, because it need to ACTIVATE COOKIES !
How cookies work :
I think by using cookies in that way, there is no need to go LMS homepage to authenticate .
What you think?
Thank you Joseph
08-09-2011 09:56 AM
LMS will not know to redirect to the login server. The way LMS's external authentication works is for the backend to query the AAA server. The client never sees this piece. Part of the authentication within LMS is to establish a session and session ID. This will not be done from the external portal.
08-10-2011 12:30 AM
Thank you alot Joseph for this useful information.
I found this information about the argument - Navigating Through the SSO Domain :
I need to Clik Application from Portal SSO as LMS Application using the URL:// as show the example, clicking on the registered link will launch the CiscoWorks Homepage of server ABC.
What you think?
08-10-2011 12:35 AM
This SSO is for multiple instance of LMS (or other Common Services based applications). It will not work with an external (no CiscoWorks) application.
08-10-2011 12:50 AM
Finaly, i can understand that is no way to do External Authentication Ciscoworks lms 4.0 with Third party?
No way? WHO IT POSSIBLE !!
08-10-2011 10:30 AM
To be clear, external authentication is possible with LMS. However, what is not possible is using a login page other than the LMS login page to do the external authentication. You can certainly configure LMS to use a TACACS+, Radius, or LDAP server to provide authentication. But the user must login on the LMS login page. If you have an SSO portal for your organization, you can use the same credentials to drive that portal and the LMS login, but users will have to enter their credentials twice: once on the SSO portal and once in LMS.
08-11-2011 04:52 AM
That’s great,
Users will have to enter their credentials twice: once on the SSO portal and once in LMS !!
To avoid This happen for the second time, I mean every time the client accesses the same server. I must do the following:
HTTP Cookies are used to perform authentication and tracking of sessions
This way can help us for build sessions.
I Think in that way, we don’ need to login on the LMS again, but direct access to the HOME PAGE of LMS !!
You think it will be work doing this?
08-14-2011 04:49 AM
The existing authentication system supports an external web service API, or you have a development resource which may create a “wrapper” around your authentication service to make it available.
I AM LOOKING TO UNDERSTAND IF IT POSSIBLE TO LAUNCH LINK LIKE:
HTTP://server_lms:1741/homepage.do AS EXTERNAL APPLICATION TO LOGIN IN THE LMS HOME PAGE DIRECTORY !!!!
08-14-2011 04:51 AM
SORRY I MEAN:
TO LOGIN IN THE LMS HOME PAGE DIRECT ACCESS !!!!
08-14-2011 09:29 AM
No. What you want to do is not possible with LMS. The only way to login to LMS is to use the LMS login page.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide