Questions tagged [single-sign-on]

Single Sign On is a technology that allows a single login to be transparently used with multiple applications and environments.

Single Sign On (SSO) is a technology that allows the transparent use of a single username and password in multiple security domains. It is commonly used as part of a greater framework which unites otherwise separate systems into a single virtual login domain. SSO systems may be purely web-based, or client-based.

A variety of technologies can be used to build SSO systems.

347 questions
3 votes, 1 answer

Fallback authentication if mod_auth_kerb fails

Is there a way for Apache to fall back to a different authentication method if Kerberos authentication (for some reason) fails? The order of the authentication methods should be: Kerberos, Active Directory, RSA token. The RSA token authentication is…
Ian
2 votes, 1 answer

Keycloak x.509 certificate authentication

I'm trying to set up the following architecture but I'm struggling: Keycloak container with this image jboss/keycloak:7.0.0; Apache with mod_auth_openidc; the Apache has a protected directory; Apache does an SSL client Authent. I want to configure…
No name
2 votes, 1 answer

Keycloak SSO minimum mysql database privileges

I have been trying to install Keycloak but instead of the usual 'GRANT ALL PRIVILEGES' command to grant access to the database to the MySQL database, I need the exact minimum privileges to be granted. I have been looking at Keycloak documentation…
Lester
2 votes, 0 answers

How to download SAML XML metadata from Microsoft Azure

I have an enterprise application that implements SAML SSO, and I have a new client who wishes to use it. This feature works with other clients. However, the application requires that the client download the SAML XML metadata from the Azure server…
user3188777
2 votes, 1 answer

Kerberos Ticket Hand-off No Good on Chrome on macOS X

I am implementing Okta as a single sign-on provider in an enterprise environment of about 90 users. One of Okta's features is Desktop Single Sign On - the ability for users to be authenticated with Okta simply by virtue of having logged into their…
user490549
2 votes, 3 answers

Azure AD SSO for non-azure Linux VMs?

I currently have a VPS hosting for two servers with Ubuntu outside Azure network and a free azure AD plan. I see this option here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/login-using-aad but it is only for azure VMs, so can I…
2 votes, 0 answers

Mapping GSuite custom attribute value via Groups

So, I have followed the instructions here: https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/ on how to set up AWS SSO via GSuite. My issue is, I need to map a few different values to a large number…
Sleeper Smith
2 votes, 1 answer

Password reset not working because password writeback not working in portal.azure.com

I have a problem with portal.azure.com user password reset. I have configured hybrid identity with single sign on in Azure AD and on-premises AD. The connection was made via Azure AD Connect. The problem is I have configured password writeback already…
2 votes, 1 answer

SPN generation for multiple service account on a Web server

I am trying to achieve Azure SSO in my organisation. I have a web server hosting multiple websites and web applications under those sites. Users access them in the below fashion: https://<SiteName>/<ApplicationName>/ We have a service account…
2 votes, 1 answer

Combine apache auth providers of different types with basic auth only if proactively provided by client

I'd like to be able to have a path on an apache server (2.4.18+ on ub16) that primarily authenticates using SAML (using the mod_auth_mellon plugin) for interactive use, but also supports having the caller pre-emptively send Basic auth credentials.…
2 votes, 1 answer

Problems connecting to a freeIPA client host via ssh

I am trying to set up an IPA environment with a CentOS 7.3 server and clients and I am experiencing a behavior that I am not able to understand. I am using IPA version 4.4.0. I was able to run ipa-server-install on the server and ipa-client-install…
andreee
2 votes, 1 answer

Sync AD from multiple on-premise server to Office 365

I want to migrate Active Directory accounts from multiple on-premise servers (located in different locations and having the same domain name) to Office 365. I am using Azure AD Connect to sync these accounts and I tested by creating a dummy environment…
2 votes, 1 answer

Which servers to copy keytab file to

I am trying to set up a simple Kerberos environment in which a client server authenticates to a webservice (in my case OpenSSH) via a Kerberos server. I generated a keytab file on the KDC but am not quite sure which servers to copy the file to. Do I…
arne.z
2 votes, 0 answers

Is it possible to sign into Chrome Browser from a users OS authentication?

I am curious if it would be possible to sign users into their Chrome Browsers on Windows and/or Mac automatically when they sign in to their AD account. Our G Suite account syncs all data from our AD and we use SSO for Google so the information is…
2 votes, 1 answer

Configuring IIS for cross-forest kerberos authentication

In my environment I have two separate forests FA.COM and FB.COM and two child domains DA.FA.COM and DB.FB.com. There is no forest trust but two-way external trust between DA.FA.COM and DB.FB.com. I have an IIS server (IIS8.5 on Windows 2012r2) in…