Question
Sven Verhoosel · Mar 31, 2017

NTLM Authorisation

Does anyone know if Caché supports NTLM authorisation? And if so, how?

Many thanks!

 


Replies

Sven,

I know that customers have set this up before. Here are some old notes that I found which may point you in the right direction. NOTE - I have never done this myself so I can't be of much help beyond pointing out this starting point:

Implementation Outline:
1. Configure CSP to accept IIS's authentication headers and pass them to Caché

2. Set up delegated authentication to use existing security model to assign $username and $roles based on the user's domain accountname and/or domain groups. (Implement ZAUTHENTICATE.MAC)

3. Enable delegated authentication for any desired services and CSP applications -- in this case the system management portal.
·  Configuration (e.g. CSP application definition)
·  Login Page Logic decides based on Gateway Service User, whether to trust REMOTE_USER HTTP header, or to prompt for username/password (other fields such as PIN are also an option).

HTH,

Ben

Sven,

which direction are you talking about?

incoming - clients coming into Caché providing credentials that need to be authenticated against Active Directory

outgoing - Caché/Ensemble needs to authenticate against a third party service and needs to provide credentials that can be authenticated against Active Directory

Oren

Thank you all for your answers.

@Oren:
I want to call Exchange Web Services (EWS) from Caché. The authentication there is NTLM. So this is outgoing.

Sven

You can click the "Add new comment" label under the post you want to reply to.

@Sven,

Caché does not support outgoing NTLM authentication. EWS will have to be configured to allow basic authentication, which in turn allows Caché to provide a username/password from that domain.

The connection can be made more secure by requiring TLS prior to transmission or requiring client certificate authorization.

Oren
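
A sketch of the outgoing call described in the last reply, added here as an example and not code posted by anyone in the thread: Basic authentication to EWS through %Net.HttpRequest, refused unless a TLS configuration is supplied. The class name Demo.EwsClient, the parameter names and the /EWS/Exchange.asmx path are assumptions; the SSL/TLS configuration named in pSSLConfig is assumed to be defined already in the Management Portal.

```objectscript
/// Added example; Demo.EwsClient is a hypothetical class name.
Class Demo.EwsClient Extends %RegisteredObject
{

/// Post a SOAP body to EWS with Basic authentication over TLS.
/// pSSLConfig: name of an existing SSL/TLS configuration (assumed). If the
/// server requires a client certificate, it is set in that configuration.
ClassMethod Post(pServer As %String, pSSLConfig As %String, pUser As %String, pPassword As %String, pSoapBody As %String, Output pResponse As %Net.HttpResponse) As %Status
{
    // Basic authentication only base64-encodes the password, so never
    // build the request without TLS.
    If pSSLConfig="" {
        Quit $$$ERROR($$$GeneralError,"TLS configuration required for Basic authentication")
    }

    Set tReq=##class(%Net.HttpRequest).%New()
    Set tReq.Server=pServer
    Set tReq.Port=443
    Set tReq.Https=1
    Set tReq.SSLConfiguration=pSSLConfig
    // Reject a certificate whose name does not match pServer
    Set tReq.SSLCheckServerIdentity=1
    // Username/Password make %Net.HttpRequest send a Basic Authorization header
    Set tReq.Username=pUser
    Set tReq.Password=pPassword
    Set tReq.ContentType="text/xml"
    Set tReq.ContentCharset="utf-8"
    Do tReq.EntityBody.Write(pSoapBody)

    // Endpoint path is an assumption; use the one your Exchange server exposes
    Set tSC=tReq.Post("/EWS/Exchange.asmx")
    If $$$ISERR(tSC) {
        Quit tSC
    }

    Set pResponse=tReq.HttpResponse
    // 401 here means the server did not accept Basic authentication
    If pResponse.StatusCode=401 {
        Quit $$$ERROR($$$GeneralError,"EWS returned 401: Basic authentication not accepted")
    }
    Quit $$$OK
}

}
```

Keep the password out of source code, for example by reading it from a stored credentials entry at call time.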