External Authentication Ciscoworks lms 4.0 with Third Party

marwan malawani
Level 1

Hello,

I would like to integrate CiscoWorks LMS 4.0 with a web server (third party) for authenticating users navigating through the third party as single sign-on (portal SSO).

This application provides a function for launching management data and functionality through simple one-click operations for interacting with the CiscoWorks homepage.

My question is:

Is there any document or any suggestion for doing this?

Thanks.

13 Replies

Joe Clarke
Cisco Employee

LMS does not support this kind of single sign-on.  If you want to be able to authenticate users through a centralized server, that server must be one of TACACS+, Radius, or LDAP.  A portal-based SSO will not work.

Thank you Joseph for your collaboration.

OK, what about “External Authentication with CiscoSecure ACS for Authenticating Users Using SSO Server”?

Cisco ACS provides a central RADIUS authentication gateway that can be configured for multiple back ends such as LMS and Cisco Security Manager.

Let me explain better:

Actually, I have Cisco Secure ACS Server integrated with LMS 4.0 and Cisco Security Manager.

Suppose that:

Single Sign On is designed as an easy to deploy and use technology. It integrates directly into Microsoft’s Active Directory and negates the need for additional User Security databases. Single Sign On consists of two core elements: a Radius Server and Authentication server. The Authentication server is directly integrated with LDAP or Active Directory in real time.

Do you think it will work this way?

I'm not sure.  We did not test it.  I don't think it will, though.  You have to go to the LMS page to authenticate.  Regardless of whatever tokens you may have from your SSO system, LMS will still need its own.  Therefore, if you authenticate through your portal, then go to LMS, LMS will still prompt you for its own authentication.  Only then will it contact the AAA server to validate.

Yes, I know that LMS will still prompt you for its own authentication, because it needs to ACTIVATE COOKIES!

How cookies work:

  • User tries to access protected application
  • Redirects user to login server
  • Authenticates against the Active Directory.
  • Redirects back to application with username in an encrypted cookie.

I think by using cookies in that way, there is no need to go to the LMS homepage to authenticate.

What do you think?

Thank you Joseph

LMS will not know to redirect to the login server.  The way LMS's external authentication works is for the backend to query the AAA server.  The client never sees this piece.  Part of the authentication within LMS is to establish a session and session ID.  This will not be done from the external portal.

Thank you a lot, Joseph, for this useful information.

I found this information about the argument - Navigating Through the SSO Domain:

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.0/user/guide/admin.html#wp388534

I need to click an application from the portal SSO as the LMS application using the URL:// as shown in the example; clicking on the registered link will launch the CiscoWorks homepage of server ABC.

What do you think?

This SSO is for multiple instances of LMS (or other Common Services based applications).  It will not work with an external (non-CiscoWorks) application.

Finally, I can understand that there is no way to do external authentication of CiscoWorks LMS 4.0 with a third party?

No way? HOW IS IT POSSIBLE!!

To be clear, external authentication is possible with LMS.  However, what is not possible is using a login page other than the LMS login page to do the external authentication.  You can certainly configure LMS to use a TACACS+, Radius, or LDAP server to provide authentication.  But the user must log in on the LMS login page.  If you have an SSO portal for your organization, you can use the same credentials to drive that portal and the LMS login, but users will have to enter their credentials twice: once on the SSO portal and once in LMS.

That’s great,

Users will have to enter their credentials twice: once on the SSO portal and once in LMS!!

To avoid this happening a second time, I mean every time the client accesses the same server, I must do the following:

  • I must activate cookies on the SSO portal browser:
  • Using SSO portal cookies helps to:

HTTP Cookies are used to perform authentication and tracking of sessions

This way can help us build sessions.

I think that in that way we don’t need to log in on the LMS again, but get direct access to the HOME PAGE of LMS!!

Do you think it will work doing this?

The existing authentication system supports an external web service API, or you have a development resource which may create a “wrapper”  around your authentication service to make it available.

I AM LOOKING TO UNDERSTAND IF IT IS POSSIBLE TO LAUNCH A LINK LIKE:

HTTP://server_lms:1741/homepage.do    AS AN EXTERNAL APPLICATION TO LOG IN TO THE LMS HOME PAGE DIRECTORY!!!!

SORRY, I MEAN:

TO LOG IN TO THE LMS HOME PAGE WITH DIRECT ACCESS!!!!

No.  What you want to do is not possible with LMS.  The only way to log in to LMS is to use the LMS login page.
