Paul Spear (Guest)
Posted: Tue Jan 18, 2005 4:29 am
Post subject: Using the SSO feature of HIS2K4
HIS offers many capabilities other than its SSO feature. In reading the
posts I feel like I am the only one who is interested in it merely for its
SSO offering. Is anyone else embracing HIS for this purpose?

OK, I really have a second question for those using SSO: I see in the doc
that SSO has the wizards and tools to easily implement Single Sign-on with
mainframe-based and AS400-based applications, but does anyone use SSO for
their other Windows-based applications? I would like to prototype a
"proof-of-concept" for my management to a pilot application that happens to
be Windows-based, but all the wizards and gadgets with SSO deal with
non-Windows applications (like 3270 and 5250-based stuff). Is that because
proper use of Active Directory in Windows 2003 already satisfies SSO?

Neil Pike (Guest)
Posted: Wed Jan 19, 2005 1:45 am
Post subject: Re: Using the SSO feature of HIS2K4
Paul,
> HIS offers many capabilities other than its SSO feature. In reading the
> posts I feel like I am the only one who is interested in it merely for its
> SSO offering. Is anyone else embracing HIS for this purpose?
I'm sure there must be someone, but to me, HIS SSO is only relevant when you
are dealing with hosts.
> OK, I really have a second question for those using SSO: I see in the doc
> that SSO has the wizards and tools to easily implement Single Sign-on with
> mainframe-based and AS400-based applications, but does anyone use SSO for
> their other Windows-based applications? I would like to prototype a
> "proof-of-concept" for my management to a pilot application that happens to
> be Windows-based, but all the wizards and gadgets with SSO deal with
> non-Windows applications (like 3270 and 5250-based stuff). Is that because
> proper use of Active Directory in Windows 2003 already satisfies SSO?
Correct. SSO is for performing single sign-on / password synch etc. across
disparate systems that have no common security database/credentials.
If you have all "Windows" based applications then the obvious answer is to use
AD for any/all authentication and access checks. Similarly if everything ran
on an IBM mainframe you would use RACF. On Unix systems you would use NIS or
Kerberos.
SSO comes in when you have users/systems/applications running across multiple
of these platforms.
Neil Pike. Protech Computing Ltd

Paul Spear (Guest)
Posted: Wed Jan 19, 2005 4:31 am
Post subject: Re: Using the SSO feature of HIS2K4
Thanks Neil. So far, so good. I think I am understanding.
Turns out, we do indeed have a heterogeneous mix of z/OS, AS/400, Unix, and
Wintel-based applications. I am trying to connect a pilot application to
show my management team what enterprise SSO would look like. I thought maybe
it would be simple to demonstrate it working with an application we currently
have running on XP, but I think you are saying that the real power of the SSO
feature becomes apparent when connected via the 3270 client or 5250 client.
If so, then that is how I will proceed.
"Neil Pike" wrote:
> Paul,
> > HIS offers many capabilities other than its SSO feature. In reading the
> > posts I feel like I am the only one who is interested in it merely for its
> > SSO offering. Is anyone else embracing HIS for this purpose?
> I'm sure there must be someone, but to me, HIS SSO is only relevant when you
> are dealing with hosts.
> > OK, I really have a second question for those using SSO: I see in the doc
> > that SSO has the wizards and tools to easily implement Single Sign-on with
> > mainframe-based and AS400-based applications, but does anyone use SSO for
> > their other Windows-based applications? I would like to prototype a
> > "proof-of-concept" for my management to a pilot application that happens to
> > be Windows-based, but all the wizards and gadgets with SSO deal with
> > non-Windows applications (like 3270 and 5250-based stuff). Is that because
> > proper use of Active Directory in Windows 2003 already satisfies SSO?
> Correct. SSO is for performing single sign-on / password synch etc. across
> disparate systems that have no common security database/credentials.
> If you have all "Windows" based applications then the obvious answer is to use
> AD for any/all authentication and access checks. Similarly if everything ran
> on an IBM mainframe you would use RACF. On Unix systems you would use NIS or
> Kerberos.
> SSO comes in when you have users/systems/applications running across multiple
> of these platforms.
> Neil Pike. Protech Computing Ltd

Neil Pike (Guest)
Posted: Wed Jan 19, 2005 2:18 pm
Post subject: Re: Using the SSO feature of HIS2K4
Paul,
Or, even if you don't "integrate" any of these apps to talk to each other, if you
just use the password synch side of SSO, your users could just have one
userid/password across all platforms. Though getting EVERY app and every system at
a non-trivial company running with a single logon/password is a holy grail I've
never seen fully achieved yet!
> Turns out, we do indeed have a heterogeneous mix of z/OS, AS/400, Unix, and
> Wintel-based applications. I am trying to connect a pilot application to
> show my management team what enterprise SSO would look like. I thought maybe
> it would be simple to demonstrate it working with an application we currently
> have running on XP, but I think you are saying that the real power of the SSO
> feature becomes apparent when connected via the 3270 client or 5250 client.
> If so, then that is how I will proceed.
Neil Pike. Protech Computing Ltd

Stefano Colombo (Guest)
Posted: Wed Jan 26, 2005 6:28 pm
Post subject: Re: Using the SSO feature of HIS2K4
Hi,
we have a similar project/problem.
The customer has asked for a way to authorize Host-based procedure
execution based on Windows account.
The idea should be as follows.
User connects to the company portal which authenticates the user based
on Windows/AD credentials.
Then the user accesses "host" applications exposed by HIS2004 and
Webservices.
The Host should allow or deny execution of the requested procedure based
on the credential provided by the Webservices.
Is that possible?
How ...
Thanks
Regarding SSO, I think a better product to implement an SSO architecture,
with Identity management, is MIIS
"Neil Pike" <neilpike@compuserve.com> wrote in message
news:VA.0000629d.1496a6ee@compuserve.com...
> Paul,
> Or, even if you don't "integrate" any of these apps to talk to each other, if you
> just use the password synch side of SSO, your users could just have one
> userid/password across all platforms. Though getting EVERY app and every system at
> a non-trivial company running with a single logon/password is a holy grail I've
> never seen fully achieved yet!
> > Turns out, we do indeed have a heterogeneous mix of z/OS, AS/400, Unix, and
> > Wintel-based applications. I am trying to connect a pilot application to
> > show my management team what enterprise SSO would look like. I thought maybe
> > it would be simple to demonstrate it working with an application we currently
> > have running on XP, but I think you are saying that the real power of the SSO
> > feature becomes apparent when connected via the 3270 client or 5250 client.
> > If so, then that is how I will proceed.
> Neil Pike. Protech Computing Ltd

Neil Pike (Guest)
Posted: Thu Jan 27, 2005 12:55 pm
Post subject: Re: Using the SSO feature of HIS2K4
Stefano,
Do all the users of the system have a mainframe (RACF) logon account? If so
you could implement password-synch, get the webservice to get the RACF userid
out of the password-synch database, and pass it through for the app to
validate.
If not, then the webservice could check windows userid/group membership and
pass that information through on the call to the mainframe.
All this would have to be passed through as data, as I don't believe there's
any way to actually get different transactions kicked off by TI to use
different underlying security.
> we have a similar project/problem.
> The customer has asked for a way to authorize Host-based procedure
> execution based on Windows account.
> The idea should be as follows.
> User connects to the company portal which authenticates the user based
> on Windows/AD credentials.
> Then the user accesses "host" applications exposed by HIS2004 and
> Webservices.
> The Host should allow or deny execution of the requested procedure based
> on the credential provided by the Webservices.
Neil Pike. Protech Computing Ltd
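
Added example (not part of any post above and not HIS or TI code): a sketch of the two options in the last reply, where the web service either passes a mapped host userid or the Windows user and groups through as call data, and the host application decides. Because the identity travels as ordinary data, this sketch also has the host check an HMAC and a timestamp; that check, the tables, the key and all account, group and procedure names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data; none of these names come from HIS or the thread.
HOST_ID_MAP = {"CORP\\alice": "ALICE01"}            # Windows account -> host userid
GROUP_PROCS = {"CORP\\Claims-Clerks": {"CLMINQ"}}   # Windows group -> allowed procedures
HOST_ACL = {"ALICE01": {"CLMINQ", "CLMUPD"}}        # host-side rules per host userid
SHARED_KEY = b"constructed-demo-key"                # assumed to be provisioned on both sides
MAX_AGE_SECONDS = 60


def build_call(windows_user, groups, procedure, now=None):
    """Web service side: put the caller's identity into the call data and sign it."""
    claims = {"proc": procedure, "ts": int(now if now is not None else time.time())}
    if windows_user in HOST_ID_MAP:          # option 1: mapped host userid
        claims["host_user"] = HOST_ID_MAP[windows_user]
    else:                                    # option 2: Windows user and groups
        claims["win_user"] = windows_user
        claims["groups"] = sorted(groups)
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def host_authorize(body, tag, now=None):
    """Host application side: verify the data, then allow or deny the procedure."""
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False                         # identity or procedure field was altered
    claims = json.loads(body)
    current = now if now is not None else time.time()
    if abs(current - claims["ts"]) > MAX_AGE_SECONDS:
        return False                         # call is older than the allowed window
    if "host_user" in claims:
        return claims["proc"] in HOST_ACL.get(claims["host_user"], set())
    return any(claims["proc"] in GROUP_PROCS.get(g, set())
               for g in claims.get("groups", []))
```
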