Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSO combo doable?

Status
Not open for further replies.
Turkbear

Turkbear

Technical User
Mar 22, 2002
8,631
US
Hi,
Is it possaible to use Windows' Single Sign On
for most of the Crystal Enterprise ( 8.5) environment, but still have 1 or 2 Virtual Directories ( and objects/folders in the CE published environment) that are
not SSO? In other words can I combine, on a selective basis, Windows SSO and Enterprise ( Guest, especially) security methods?

system info:
( Window 2000 Advanced Server, IIS 5, CE8.5 Professional Edition)


Thanks,

[profile]
 
Sort by date Sort by votes
I think these are 2 different things.

SSO and Enterprise and NT are authentication types used for logging in to the system

SSO allows a user who is logged in to the Domain, to access Enterprise without having to enter another log in credential. This also requies a pure MS environement. IIS, IE as SSO is a MS thing.

Once the user is in, they are in, then you need to look at falling back on the enterprise rights assignments for folders and objects. Allow or deny.

One the folder you want to block, you could explicity define this for the particular user or group.

The Guest account will be a member of the everyone account so you may need to deny this goup as a whole and then work your rights on a goup/user by group/user basis.

Just some thoughts.






Cheers,

SurfingGecko
Home of Crystal Ease
 
Upvote 0 Downvote
Hi, Thanks..

I understand the concepts but it appears that to use Single-Sign-On ( yes it is a 'pure' Windows enviornment)
then docs indicate that 'anonymous' access to the web site must be disabled...
That would mean that all users not part of the Windows domain ( outside users and Guests) would be unable to access the site even if authenticated thru Enterprise
( the APS will like them, the web server-[IIS] won't)..
I was wondering if the anonymous acess could be set on a Directory by Directory basis, instead of on the web site itself? That way those who are authenticated by the Domain membership ( the SSO folks) wil have access to 'their' areas of the site and the 'Guest' folks will still have some access. Perhaps someone out there has done this?

[profile]
 
Upvote 0 Downvote
Don't confuse your virtual directories with your folders and objects in Enteprise. The Folders (user Folders, Samples etc.) are only folders within the enterprise system and are stored in the system database.

These are not actual system folders like my documents.

If you need to block actual folders in IIS, then it has nothing to do with Enterprise.

SSO/Anon access to the site, is one thing, but the security within Enterprise is another and you should be able to restrict users once they are in the system (CE not the web site)

If I get a chance I will try to set something up with steps taken (based on an assumption of what you are trying to do)




Cheers,

SurfingGecko
Home of Crystal Ease
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pomster
  • Locked
  • Question
Crystal Server SSO
Replies
8
Views
61
groggle
groggle
mccom
  • Locked
  • Question
BO XI thrusted SSO error
Replies
2
Views
41
mccom
mccom
wiplash
  • Locked
  • Question
Configuring SSO
Replies
3
Views
76
MJRBIM
MJRBIM
ulliM
  • Locked
  • Question
Java and Trusted SSO
Replies
2
Views
69
ulliM
ulliM
ganjass
  • Locked
  • Question
SSO For Web URL Pass through reports
Replies
0
Views
31
ganjass
ganjass

Part and Inventory Search

Sponsor

Back
Top