Re: SMP mobile app Integration with AD server
Hi Naresh, I wouldn`t do principal propagation. It means that your SMP3 will be a CA and create certificates, something you should really talk to about with your security team. You`ll also have to...
View ArticleRe: SMP mobile app Integration with AD server
Thanks Tobias for your inputs, At present we don't have SSO in place. with "Basic" option choose in SMP cockpit, AD authentication is success. But the issue with password (when ever AD password...
View ArticleRe: SMP mobile app Integration with AD server
Hi Kevin,We are configuring the principal propogation method as suggested above link. we struck up in below steps under preparation.1) We have technical user created --> completed2) need to know...
View ArticleRe: SMP mobile app Integration with AD server
SMP3 has a component that is responsible for storing the received user credentials (CSI). When you set the backend SSO to Basic, the user name and password are retrieved from there (CSI). When the AD...
View ArticleRe: SMP mobile app Integration with AD server
This is why I recommended principal propagation (PP), with PP the AD password can change yet it would not affect the SSO certificate with backend NW. For testing scenarios you can use smp’s base...
View ArticleRe: SMP mobile app Integration with AD server
Why would a pw change affect the SSO2 logon cookie? And PP is a higher configuration effort and SMP3 will be a CA. Something that really should be evaluted carefully.
View ArticleRe: SMP mobile app Integration with AD server
It wouldn't, that's why I suggested PPO which creates SSO with NW and no password is required.
View ArticleRe: SMP mobile app Integration with AD server
Just use the smp_crt certificate from the SMP keystore for testing.
View ArticleRe: SMP mobile app Integration with AD server
Exactly, that`s why SSO2 is the way to go. Standard, NW systems are used to it and no need to create thousands of dummy certificates for loging on the user.
View ArticleRe: SMP mobile app Integration with AD server
Well, yes, if the backend is configured for SSO2, that is the preferred way. Principal Propagation can be used if it isn't.
View ArticleRe: SMP mobile app Integration with AD server
Hi Tobias,How can we set SS02 certificate validity expiry date for years? if we generate SSO2 cert from SMP server it gives validity for an month. please advice how can we achieve increasing the expiry...
View ArticleRe: SMP mobile app Integration with AD server
Thanks Kevin, noted and will use this for principal propagation method.. RegardsNaresh
View ArticleClik here to view.
Re: SMP mobile app Integration with AD server
If you create the certificate without specifying the days parameter, the default value will be taken, which is 30 days. https://www.openssl.org/docs/manmaster/apps/req.html when the -x509 option is...
View Article