Is there such a thing as password auto-fill for thick client/native desktop applications? - passwords

If I have desktop non-browser based applications that require a username and password, is there any software I can install on my machine that will fill in those credentials for me please? Ideally centrally managed so that the passwords can be revoked from the installed wallet/vault.

Related

Where can I find full documentation to make Authentication Agent for Microsoft Windows?

I need to make an Authentication Agent for Microsoft Windows to replace the current options to log on to Windows (Password, Passcode and image password). I know that there are many companies providing such solutions, like Gemalto logon agent and RSA.
Where can I find developer documentation and tutorials for that?
RSA agent:
https://www.rsa.com/en-us/products-services/identity-access-management/securid/authentication-agents/authentication-agent-for-microsoft-windows
SafeNet Authentication Service Agent for Windows Logon:
http://www2.gemalto.com/sas/resources-downloads.html
Winlogon and Credential Providers

Testing Kerberos locally on Windows

Question pertains to testing SSO with Windows (7) log-in credentials against a local/test KDC (Kerberos).
Think I got the basic picture regarding authentication with log-in credentials (TGT and client-server tickets) and how JBoss has to handle negotiation against Kerberos. However I would like to do a setup intended for development/testing. Thought about downloading an MIT version of Kerberos and setting up the KDC. Assuming I can use the klist/kinit tools part of the JDK 7 distribution to make my own TGT and tickets? The log-in credentials (i.e. when I log on to Windows) should be volatile (i.e. in memory rather than file based).
How do I get my browser(s) to pull up the correct credentials? Is this possible from a browser? For example with Firefox apparently SPNEGO negotiating is a white list of domains but does it look at the DomainName in the TGT to grab the right one? And how would Firefox SPNEGO know to look in my local credentials that are file based rather than the volatile one?

Domain User Authentication in Windows Store Apps?

I'm developing an app that will essentially be a kiosk app (I'll use the kiosk features of Windows 8.1 to lock the device down).
So the computer will be always on and always logged into an account with this app running.
However, part of the process is that I need to authenticate users. They'll log in with username and password, choose a couple of things and then click finish which will log them out and take the app back to the login screen.
How can I do this? System.DirectoryServices is not available for Windows Store Apps. I was looking at other ways of doing LDAP Authentication and Active Directory Web Services looks promising (and would be supported). But I don't see how I could use it to authenticate (other than the fact that it authenticates the calling user, but I can't seem to get impersonation working there either).
I was looking for this answer too. I discovered that you have to go to the package.appxmanifest and check off Enterprise Authentication and then you can use CredentialCache.DefaultNetworkCredentials in your app to get the username, but not the password.

Desktop applications and authentication... Is there a list of authentication options?

Several sites, including this one, are using OpenID to authenticate their users. And of course, OpenID is a good solution to manage user accounts, simply by linking them to their OpenID account.
But are there similar solutions that could be used for desktop applications? I know there's CardSpace, where you create a custom ID card to contain your identity and optionally protect it with a pincode. But are there more alternatives for authentications on a desktop system or on systems within a local intranet environment?
And yes, I can write my own system where I keep a list of usernames and (hashed) passwords and then build my own login system but I just hate to invent my own wheel, especially when I need to keep it secure.
I would recommend that you look into the option of building an STS (using WIF, aka Geneva) and use (active) WS-Federation in your Windows app. Or if you can wait that long, just use Geneva Server when that is released.
We have a solution that works more or less like this:
Desktop tool prompts the user for ID/password
Desktop tool sends the ID/password over an encrypted (SSL) channel to the server.
Server initiates an HTTP request to a known URL of a login form and inputs the username and password as if they were form fields.
If the HTTP server responds appropriately, the server accepts the client as authenticated.
The target of that HTTP request should be tied to whatever single sign-on system that you use for the web application environment. In our case it happens not to be OpenID but it could be.
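The server-side step from the answer above (replay the credentials against the login form and judge the response), as an added example that is not the poster's code. The form field names, the `/home` redirect as the success signal, the test account and the loopback stand-in for the login form are all assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the SSO login form (hypothetical fields and account).
class LoginForm(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        form = urllib.parse.parse_qs(body.decode())
        if form.get("username") == ["alice"] and form.get("password") == ["s3cret"]:
            self.send_response(302)               # success: redirect to landing page
            self.send_header("Location", "/home")
            self.end_headers()
        else:
            self.send_response(200)               # failure: form re-rendered with 200
            self.end_headers()
            self.wfile.write(b"<p>Invalid login</p>")

    def log_message(self, *args):
        pass                                      # keep the demo quiet

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 302 then surfaces as HTTPError

def verify_via_login_form(login_url, username, password, success_path="/home"):
    """True only on the explicit success signal (assumed: 302 to success_path)."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    # Empty ProxyHandler: ignore proxy environment variables for this call.
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        # In production login_url is https:// so the password is never sent in clear.
        opener.open(urllib.request.Request(login_url, data=data), timeout=5).close()
    except urllib.error.HTTPError as err:
        return err.code == 302 and err.headers.get("Location") == success_path
    return False  # any 2xx means the form came back: treat as not authenticated

def demo():
    server = HTTPServer(("127.0.0.1", 0), LoginForm)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/login" % server.server_port
    try:
        good = verify_via_login_form(url, "alice", "s3cret")
        bad = verify_via_login_form(url, "alice", "wrong")
        return good, bad
    finally:
        server.shutdown()
        server.server_close()
```

The point of the strict check is that many login forms answer a failed attempt with HTTP 200, so "the server responded" cannot be the acceptance criterion.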

Logging into Peoplesoft App-Designer in 2 Tier using LDAP authentication

I have a database with LDAP login enabled. It works fine when logging in through the PIA or when logging into app-designer through the application server.
I need to make app-designer allow me to login with 2-tier mode using LDAP authentication. Is this possible without customization?
I do not think this is possible. 2-tier logs directly into the database and more importantly, does not run the signon peoplecode that does call-outs for LDAP authentication. In fact, 2-tier is really just a Win32 app that runs no peoplecode - it isn't a peoplesoft "application." There is a user callout dll delivered with peoplesoft, and some scant documents on what you have to do to use it - but again, likely not going to meet your need. You may need to use the ldap synch online app engine job to pull in your ldap users to security tables if you want to use those login identities for 2-tier access.
The only delivered way to use LDAP Authentication for App Designer is to use a 3-Tier connection through the app server. Only with the 3-Tier connection will the Signon PeopleCode be executed. With 2-Tier, there is no hook to the LDAP Server.
You could look at using the Grey Sparling Desktop Single Signon, which does integrate with App Designer and uses Windows and NTLM to grab Active Directory authentication. This would give you some degree of LDAP Authentication if your Windows machine authenticates with a domain. But it is an add-on product you would need to purchase.
Otherwise, as Epictetus mentioned, you can use the LDAP Username if you have it synced with your PeopleSoft database and use the local password stored in PSOPRDEFN.
One problem I have seen is that when using LDAP and 2 tier, when you login with LDAP it somehow decrypts the password in PSOPRDEFN. The next 2 tier login by that same account throws the error cannot login please encrypt password using data mover encrypt password *. If you encrypt that user's password, the same results happen following that user's next LDAP login.