Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Authentication: Multiple Single Sign-On (SSO) Servers

It would be nice to choose a server group with more than 1 SSO Server to authenticate HTTP profiles.

115 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Attila SonayAttila Sonay shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Michael O'NeillMichael O'Neill shared a merged idea: SSO for multiple active directory domans  ·   · 

    10 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Adrien BelcourtAdrien Belcourt commented  ·   ·  Flag as inappropriate

        AD Domain Trust works, but not in a good way. It does not work in a good way after 8.103. This problem was in the KIL list as "ID19479 8.202 user-/group mapping does not work with identical user names in different domains" but this KIL list entry is no long there in the current KIL list.

        These are the steps we took to show the problem.
        1. We create a new user on the PARIS domain controller
        2. We created a new group on the PARIS domain controller
        3. We added the new user to the new group on the PARIS dc

        4. We created an identical group on the LONDON domain controller. NOTE we have not added a single user to this group.
        5. We then added the LONDON group (with no users) to Astaro filtering.
        6. The new user in the PARIS group can now surf using the LONDON group permissions because the PARIS and LONDON groups have the same name (even though they are on different DCs).

        So if a company has 3 different Michaels on three different DCs, Astaro cannot tell the difference between them. So if they arrive with their laptops at the office, Astaro cannot tell the difference between a local Michael and a remote Michael.

        It is the same if you have a few different groups with the same name like Active Directory Users, or Allowed Users on different domain controllers.

        So AD Domain Trust works, but not in a good way.

      • Adrien BelcourtAdrien Belcourt commented  ·   ·  Flag as inappropriate

        We lost to Bloxx on this feature. Bloxx can SSO authenticate very happily to multiple AD servers/domains. This is a pre-requisite for larger customers, who often have multiple divisions. In one case the IT for a healthcare trust had two hospital sites dealt with by two different AD servers (very normal). Another case we had a local government customer that had 7 AD domains/servers for different sites and schools. So this is a normal pre-requisite for larger customers.

      • Andrew HoldemanAndrew Holdeman commented  ·   ·  Flag as inappropriate

        I'm in need of this as well, where in my case one of the internal networks is running off of a 2000 domain and on a different NIC of the firewall the other network is running off a separate 2003r2 domain, being able to specify the Authentication server for Profiles would be spectacular.

      • Gunnar KleinGunnar Klein commented  ·   ·  Flag as inappropriate

        We have two separate ADirs with many users working side by side. It is always hard to explain, why one user has to authenticate, when his neighbour has not.

      • Sebastian EichingerSebastian Eichinger commented  ·   ·  Flag as inappropriate

        We have more then one eDir server, I could chose more then one, but SSO works only with one. Therefore it would be grate to have a soluition for this single point of failure. Sebastian

      • MartenMarten commented  ·   ·  Flag as inappropriate

        I need this feature too. I've more than one Edir's, the one Edir can SSO and the other one must need the Edir-login for launch her services. It would be nice to integrate this in the AstaroSG.

      Feedback and Knowledge Base