Portal authentication to multiple AD?
Topic Started: Feb 17 2011, 12:09 PM (910 Views)
Netwrksguy
Newbie
[ * ]
Hello,

Total newbie to Lawson here. Our implementation consultants have not been able to answer this question for us.

In our City we have 4 unique AD domains. We are preparing to install Lawson (hosted at a remote site), where all four of our AD domains will have users that need to access the Lawson Portal.

If we bind Lawson to one domain, will users from a trusted domain be able to log in to the Lawson Portal?

i.e.
Domain "city" has a trust with domain "library" and domain "school". Lawson is bound to the "city" domain, so can users from school and library still use single sign on to Lawson Portal?

Let me know if I need to provide more information.

-Ken
 
MannieJ
Super Member
[ *  *  *  *  * ]
Technically, this should be possible. Since you are connecting to the whole forest (DN), you may have to connect using the global catalog (GC) and using the special TCP port 3268.
 
MannieJ
Super Member
[ *  *  *  *  * ]
Now as for your domain name users, in order for them to be able to use Lawson portal, they must have at the least an identity in Lawson LDAP (Resource Management). Here's a scenario:

1. User logs on to Lawson portal using their id/password.
2. SSO signs on to AD and authenticates.
3. Lawson provides the portal if authentication passed.

Lawson LDAP is just a "get" routine (using like Bouncy Castle) to the Corporate AD.
 
Netwrksguy
Newbie
[ * ]
MannieJ
Feb 17 2011, 03:15 PM
Technically, this should be possible. Since you are connecting to the whole forest (DN), you may have to connect using the global catalog (GC) and using the special TCP port 3268.
Thanks for the feedback.

Just to clarify, I should have specified that our separate domains are all in separate forests too.
So does that change your response?

-Ken


 
MannieJ
Super Member
[ *  *  *  *  * ]
Looks like you have two different worlds sharing one Galaxy. I don't have an answer to that question. Usually a separate domain like "city", "library", "School" etc, belongs to a single forest you can call "state" and using global catalog you can mine the different users from different domains. I don't even know if Kerberos or Bouncy Castle can provide you this capability (hope I'm wrong). What I can see is the problem with the binding methodology.
 
Netwrksguy
Newbie
[ * ]
MannieJ
Feb 22 2011, 03:36 PM
Looks like you have two different worlds sharing one Galaxy. I don't have an answer to that question. Usually a separate domain like "city", "library", "School" etc, belongs to a single forest you can call "state" and using global catalog you can mine the different users from different domains. I don't even know if Kerberos or Bouncy Castle can provide you this capability (hope I'm wrong). What I can see is the problem with the binding methodology.
I think this may be our solution then, thanks for your input.

Virtual Identity Server from Optimal IDM (http://www.optimalidm.com/products/VIS)

-Ken