Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [single-sign-on]

Single Sign On is a technology that allows a single login to be transparently used with multiple applications and environments.

Single Sign On (SSO) is a technology that allows the transparent use of a single username and password in multiple security domains. They're commonly used as part of a greater framework which unites otherwise separate systems into a single virtual login domain. SSO systems may be purely web-based, or client-based.

A variety of technologies can be used to build SSO systems.

347 questions
4
votes
1 answer

Credentials can not be delegated - Alfresco Share

I've hit a brick wall configuring Alfresco 4.0.d on Redhat 6. I'm using Kerberos authentication, it seems to be working normally, and single sign on is working on the main alfresco app itself. I've been through the configuration steps to get the…
leftcase
  • 710
  • 3
  • 10
  • 18
4
votes
1 answer

Self Signed Certificate - Active Directory - Make it trustable to all users

I use Google Apps For Business + SingleSignOn, that means all my users login trough an internal interface instead of though gmail.com. This SingleSignOn open source solution uses SAML protocol (i think that is correct) to make the user login on…
ddutra
  • 243
  • 1
  • 3
  • 6
4
votes
1 answer

Can I put /etc/passwd, /etc/group and /etc/shadow on an NFS share?

OK, this may be a dumb question but I'm wondering if I can export /etc/passwd, /etc/group and /etc/shadow from an NFS server and mount those files over the local ones on the client machine. The goal is a simple centrally managed list of users and…
Nick
  • 4,503
  • 29
  • 69
  • 97
4
votes
3 answers

Apache2, Kerberos: gss_accept_sec_context() failed: An unsupported mechanism was requested

I want to use Kerberos and Apache 2 on linux with mod_auth_kerb. I added .htaccess to my project with following: #SSLRequireSSL AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbAuthRealms…
petRUShka
  • 293
  • 2
  • 5
  • 16
4
votes
3 answers

Lotus Domino Active Directory Integration - Possible and Practical?

So about 3 months ago I "inherited" a Lotus Domino setup, and quite frankly, it's a mess. Historically, it's had 10 years of the primary focus being on development rather than on management and housekeeping (none of the latter was actually done, I…
Maximus Minimus
  • 8,987
  • 2
  • 23
  • 36
4
votes
4 answers

Single sign-on for a mixed-OS network

I am handling a mixed network of SCO Openserver, Slackware and Windows XP computers. Right now, the primary user accounts are kept on one SCO computer with usernames and passwords synchronized to the other ones daily via cron, while the Windows XP…
goldPseudo
  • 1,106
  • 1
  • 9
  • 15
4
votes
0 answers

Single Sign On through Citrix

I have a webserver running Windows 2008 R2 with IIS 7. The server is a member of the domain "mydomain.com". What I am trying to achieve is a SSO connection between the AD users and the web server. The problem is that users must connect via Citrix to…
horgen
  • 141
  • 1
4
votes
2 answers

Using ADFS 2.0 for Google apps single sign on

Microsoft Active Directory Federation Services 2.0 has been recently released, and it has passed interoperability tests for SAML 2.0. Does this mean that is can be used to authenticate users of Google Apps which also uses SAML? Has anyone…
Zoredache
  • 130,897
  • 41
  • 276
  • 420
4
votes
1 answer

Single Sign On for intranet with Apache and Linux MIT Kerberos

EDIT: SOLVED! See my answer below. Greetings, I am looking for a way to do a single sign on to an intranet in the following manner: A Linux user logs on via a graphical frontend (for example, GNOME). He automatically requests a TGT for his username…
Beerdude26
  • 101
  • 1
  • 7
3
votes
1 answer

how authenticated multiple subdomains in nginx with one login

we've got app consisting of several parts. Each part is running on it's subdomain (nginx site). We would like to hide access of dev env behind some shared auth, where first login on whatever of subdomains gonna grant access also for others. Our…
Pavel Cisar
  • 31
  • 3
3
votes
1 answer

How to change ccache type of MIT Kerberos

The MIT Kerberos Documentation lists seven different ways to store Kerberos credentials: API DIR FILE KCM KEYRING MEMORY MSLSA At the moment my Kerberos setup is storing credentials in a file in the /tmp directory. In my krb5.conf file the…
arne.z
  • 357
  • 1
  • 6
  • 24
3
votes
2 answers

Using Google Apps / G Suite as IdP for Office365

I'm trying to set up SAML SSO where G Suite is the identity provider for Office 365 (service provider). Google's instructions are limited: https://support.google.com/a/answer/6363817?hl=en But I found some great help here:…
tplants
  • 31
  • 3
3
votes
1 answer

Can we configure ADFS for IDP initiated SSO

I'm looking for ways of integrating ADFS as a IDP for a SAML2 service provider. I have already configured the SAML2 provider with the verification certificates etc. And we used "Add Relying Party Trust Wizard" to configure ADFS with the details of…
Jayantha Lal Sirisena
  • 133
  • 1
  • 5
3
votes
1 answer

Where do I purchase token signing certificate for ADFS?

We are integrating with ADFS (SAML) with a customer. The customer requires us to obtain token signing certificate, trusted by well known CA. The certificate will be used to sign SAML requests that are sent to IdP. Most of the vendors sell SSL cert…
weilin8
  • 133
  • 3
3
votes
3 answers

ADFS Passive Request = "There are no registered protocol handlers"

Im trying to configure ADFS to work as a Claim Provider (I suppose AD will be the identity provider in this case). Just for simple testing, ive tried the following on windows server 2016 machine: 1) Setup AD and domain = t1.testdom (Its working…
Raheel Hasan
  • 181
  • 1
  • 1
  • 12
1 2
3
23 24