I am trying to enable a single-sign-on for a sitecore website.
I have installed and configured the Sitecore AD module.
( as instructed here : http://sdn.sitecore.net/upload/sdn5/modules/ad/sitecore_active_directory_module_guide_sc62-65-usletter.pdf )
This made it possible to use a single-sign-on for the sitecore CMS functionality.
But on the actual website this doesn't seem to help me out.
Users should be automatically logged in ( single-sign-on )
Anyone know how i can achieve this ?
The AD module will connect you to Active Directory and the instructions for the module will show you how authors can sign in automatically to the content management interface. This is the primary purpose of the Active Directory module.
That being said, you can also use it for end-user SSO if that is your goal. I've accomplished this in the past by setting up some .NET code in the Session_Start of the Global.asax to extract the current user's credentials and then log them in using the AuthenticationManager.
There is a similar question on SO with suggested solutions that can be found here: Sitecore with LDAP - authenticate programmatically
Related
I have been using https://www.google.com/m8/feeds/ to list all users of a domain when the admin installed my web application.
This api has been deprecated for a while and is now disabled. We are advised to use the new directory api.
However, in order to use the directory api, the admin of the domain must have enabled the api access with a checkbox in a deep menu item. It goes without saying that many of them will have the admin api access disabled.
1) On this question Arun Nagarajan said "We are looking into improving this flow" in 2013. Is there any update about this?
2) In another question, jonathanberi seems to say that the admin api is automatically enabled when the user installs the app. But I wasn't able to reproduce this feature, and I can't find any documentation stating this. Is there any (preferably official) documentation that confirms such behaviour?
We have an app in the Google Apps Marketplace (the new one, i.e. using OAuth2) which needs to get a list of users in the domain.
We're currently using the Provisioning API for this (which we know is deprecated, but there seems to be no better option). Lately however, we're starting to get "You are not authorized to access this API" 403's, for some domains.
Does anyone know why we're suddendly getting 403's, a bug perhaps? There seem to be some other bugs as well, for example the scope https://apps-apis.google.com/a/feeds/user/#readonly doesn't work, but https://apps-apis.google.com/a/feeds/user/ does.
Does anyone know when it will be possible to start using the new Admin SDK Directory API to get a list of users? This isn't possible now because even when an administrator installs the app, it would only work if they go to their domain security settings and manually check "Enable API Access", see the related question here: How can I access user info on a domain without the domain administrator enabling API access?
You can start using Admin SDK Directory API. The question you linked to was regarding the case where an admin explicitly disables API access. When they install and an app, we re-enable that setting and let them know.
Not sure about the 403s but that is an older API that is replaced by the Admin SDK.
My team is trying to develop a product for the google apps marketplace and I am having issues with the workflow in the new ADMIN SDK.
With the now deprecated Provisioning API we simply ask for a username and password from the account we are trying to manage.
With the ADMIN SDK it seems as though they would need to go enable the API, create a key and do a lot of manual work for this to happen. This really is a tough option for us as the technical level of our clients is not likely to be able to make this transition.
Is there something like the work flow for the provisioning API where they can enable management from a third party or a recommended workflow for a developer to build an application that can access any number of google apps accounts?
A use case for this is say I want to develop a different option for a console, I want to build a console web app and simply ask for credentials or easy setup routine and allow our users to manage their google apps account in a different way.
Thanks in advance,
Steve
The Admin SDK Directory and Reports APIs work correctly with 2-legged OAuth 1.0a which is what the Google Apps Marketplace currently supports and automates. You do need to turn the Admin SDK on under "Register for additional APIs" from your Vendor Profile page on the marketplace. Also, the Administrative APIs for the domain must be turned on. You'll get a generic error that the domain cannot use the APIs if it's off in which case you can direct the client to the exact CPanel page where they can turn it on.
We've been looking into ways to get our client's Sitecore (6.4.1 rev. 110720) hooked up to their Active Directory setup. The first thing we came across was the LDAP module for Sitecore. The client likes the "Live Validation Mode" of the LDAP connector, so we started looking into that. However, it became quickly clear that SDN shows that they haven't tested the LDAP module with Sitecore 6.x.
Then we found the AD module, which is clearly made for Sitecore 6.x. However, it seems to always operate in what the LDAP module documentation called "Mixed Mode" (that is, a robust 2-way sync of users and roles).
I have two questions. Does the LDAP module work on Sitecore 6.x? If not, is there a way to configure the AD module to only sync roles/groups?
The LDAP module is the predecessor of the AD module and it doesn't work for Sitecore 6.x. Sitecore 6.x security is totally based on the ASP.NET security model, and this is what differs it from LDAP module completely.
The AD module is most likely able to satisfy your needs. If you only want the roles from AD in your Sitecore solution, then you should just plug in the role provider, and do not plug in the membership and profile providers. You might also want to enable RolesInRoles membership feature, because you'll most likely want to make your AD roles members of the standard Sitecore security roles. The RolesInRoles can do this for you.
It's all in the AD module documentation. If you're looking for the AD integration for your Sitecore solution, the AD module is the way to go.
I would like to have my application http://app.acquee.com/designer to accept a google account as a login. I found a bunch of libs for django but most work on top of existing Django authentication system that I do not use. I have my own set of user tables where I keep user info and privileges.
Any suggestion on how to integrate that with the Google Openid?
Seems I will have to do it manually using python-openid. Or could I use django-openid?
However, with the latter, I don't even know how to issue the discover command.
Regardless, I get stuck on google's step 5, sending a login authentication request (optionally with OAuth parameters) to the provided endpoint address. Can someone provide a sample request? is it a GET/POST? content?
Cheers
You can try https://launchpad.net/django-openid-auth - I'm using it in a commercial project, for both regular Google Accounts and Google Apps accounts. I remember that it was the most convincing one at the time I was doing a review, although I can't give you any details now due to my short memory. Anyway - it's working great.