

I know that customers have set this up before. Here are some old notes that I found which may point you in the right direction. NOTE - I have never done this myself, so I can't be of much help beyond pointing out this starting point:

Implementation Outline:
1. Configure CSP to accept IIS's authentication headers and pass them to Caché

2. Set up delegated authentication to use the existing security model to assign $username and $roles based on the user's domain account name and/or domain groups. (Implement ZAUTHENTICATE.MAC)

3. Enable delegated authentication for any desired services and CSP applications -- in this case the system management portal.
·  Configuration (e.g. CSP application definition)
·  Login Page Logic decides, based on Gateway Service User, whether to trust the REMOTE_USER HTTP header or to prompt for username/password (other fields such as PIN are also an option).
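
The trust decision in step 3, modelled in Python as an added example; it is not part of the original post and is not Caché or ZAUTHENTICATE code. The gateway account name, domain, group names, role mapping and function names are assumptions made for illustration.

```python
# Added example: models the login-page trust decision; not Caché code.
# Gateway account, domain and the group-to-role map are all assumptions.
TRUSTED_GATEWAY_USER = "CSPSystem"  # account the web gateway connects as (assumed)
TRUSTED_DOMAIN = "CORP"             # constructed AD domain name
GROUP_TO_ROLES = {                  # constructed mapping of AD groups to roles
    "Cache-Admins": {"%All"},
    "Cache-Operators": {"%Operator"},
}

def parse_remote_user(value):
    """Return the account name from 'DOMAIN\\user', or None if not acceptable."""
    if not value or value.count("\\") != 1:
        return None
    domain, account = value.split("\\")
    if domain.upper() != TRUSTED_DOMAIN or not account or account != account.strip():
        return None
    return account.lower()

def resolve_login(gateway_user, headers, groups_of):
    """Decide between trusting REMOTE_USER and prompting for credentials.

    gateway_user: identity the gateway itself authenticated as
    headers:      request variables as a dict
    groups_of:    callable returning the domain groups of an account
    Returns (decision, username, roles).
    """
    # REMOTE_USER is only meaningful when the request arrived through the
    # trusted gateway identity; otherwise fall back to a credential prompt.
    if gateway_user != TRUSTED_GATEWAY_USER:
        return ("prompt", None, set())
    account = parse_remote_user(headers.get("REMOTE_USER"))
    if account is None:
        return ("prompt", None, set())
    roles = set()
    for group in groups_of(account):
        roles |= GROUP_TO_ROLES.get(group, set())
    if not roles:
        # Known to the domain but mapped to no role: deny, no default role.
        return ("deny", account, set())
    return ("trusted", account, roles)

# Constructed directory data for the demonstration
SAMPLE_GROUPS = {"alice": ["Cache-Admins", "Staff"], "bob": ["Staff"]}

def lookup(account):
    return SAMPLE_GROUPS.get(account, [])

if __name__ == "__main__":
    print(resolve_login("CSPSystem", {"REMOTE_USER": "CORP\\alice"}, lookup))
    print(resolve_login("UnknownUser", {"REMOTE_USER": "CORP\\alice"}, lookup))
```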




Which direction are you talking about?

incoming - clients coming into Caché providing credentials that need to be authenticated against Active Directory

outgoing - Caché/Ensemble needs to authenticate against a third party service and needs to provide credentials that can be authenticated against Active Directory



Caché does not support outgoing NTLM authentication; EWS will have to be configured to allow basic authentication, which in turn allows Caché to provide a username/password from that domain.

The connection can be made more secure by requiring TLS prior to transmission or requiring client certificate authorization.