9 Replies Latest reply on Jun 26, 2017 7:55 AM by bigtom

    Filemaker 16 Webdirect Authentication

    motasea

      I recently installed FM 16 Server (two machine deploy with wildcard certificate).  I noticed that on webdirect there is now two authentication to see a solution. Is this the way it is in FM 16 server?  Is there a way to authenticate just once? FM 16 server is on a LAN.

        • 1. Re: Filemaker 16 Webdirect Authentication
          user19752

          It could be result of server setting "filter the list of databases"

          https://www.filemaker.com/help/16/fms/en/#page/fms%2Fconfig_dbserver_security.html

          but it is not ON by default.

          • 2. Re: Filemaker 16 Webdirect Authentication
            William-Porter

            Not sure what you mean by "two authentication(s)". There are two ways to get to a solution in WebDirect. Maybe you're using the way that normally requires you to authenticate two times.

             

            *

             

            The first way to open a FileMaker solution in a web browser is to go direct to the solution by means of a URL that includes the filename, e.g.

             

            https://myserver.myhostingdomain.com/fmi/webd/myfilemakersolution

             

            where "myfilemakersolution" is the name of the solution file. If you go right to the file like that, you should only be asked to authenticate ONE TIME. This is the most efficient way to get into a single file.

             

            *

             

            But it's also possible to use a shorter URL that takes the user to a listing of files available for their credentials. This shorter url looks like this:

             

            https://myserver.myhostingdomain.com/fmi/webd/

             

            When users go to a shorter url like that, they'll be asked to authenticate in order to see the file listing. This makes sense: you might not want them viewing all the files on the server. But when they pick a specific file to open, they'll be asked to provide credentials that get them into that specific file. This may seem like a "second authentication" and if you always use the same credentials both for the file listing and for the particular file, then the redundancy might be annoying. But it does allow developers to use one login to see all the files available and a separate (perhaps less privileged) login to get into an individual file for testing. If you dislike authenticating twice, use the first method: go right to the file's url.

             

            I think WebDirect has worked this way for the last couple versions. (Somebody correct me if I'm wrong please.)

             

            Will

            • 3. Re: Filemaker 16 Webdirect Authentication
              bigtom

              I have seen this when the the database filtering is on as user19752 explained . This is a simple requirement for the filtering.

              Screen Shot 2017-06-26 at 6.58.56 PM.png

               

              You get an initial login like this:

              Screen Shot 2017-06-26 at 6.52.03 PM.jpg

              If you use the direct file link as provided by William-Porter you get the single sign-in page.

              2 of 2 people found this helpful
              • 4. Re: Filemaker 16 Webdirect Authentication
                William-Porter

                Tom,

                 

                I think you and I are reading the OP's question differently.

                 

                You're thinking of a login screen that shows multiple login options: FileMaker, Google, Amazon, etc. You showed a screenshot.

                 

                But the OP asks "Is there a way to authenticate just once?" Note that, even if you see up to FOUR login options on the login screen -- FileMaker Google Amazon Microsoft -- you only authenticate with one of them, that is, you only authenticate "once". That's why I understood his question differently than you.

                 

                Will

                • 5. Re: Filemaker 16 Webdirect Authentication
                  bigtom

                  William-Porter This is the first of two logins. Notice this one is to "view databases" once this is done then you select a database and  you need to login again. I just did not add the screen image for that one.

                   

                  The fact that two account options are available is not relevant.

                   

                  With filtering on and not specifying the file name in the URL  you login twice.

                  • 6. Re: Filemaker 16 Webdirect Authentication
                    bigtom

                    This is the second login to open the actual file.

                    Screen Shot 2017-06-26 at 10.57.29 PM.jpg

                    • 7. Re: Filemaker 16 Webdirect Authentication
                      bigtom

                      The same thing occurs in the Launch Center with FMP, two logins. However with FMP you have the option to store the credentials in the keychain.

                       

                      When you select a Server with filtering enabled in Launch Center you are immediacy asked for a login to see files. Then you need to login to the file you wish to open.

                      1 of 1 people found this helpful
                      • 8. Re: Filemaker 16 Webdirect Authentication
                        William-Porter

                        Okay bigtom thanks for hanging in there with me. I misunderstood you earlier -- because <embarrassed>I didn't carefully read your post</embarrassed>. Mea culpa. I would add that I have ALWAYS had that file filtering option enabled ("show only databases each user is authorized to access") so I clean forgot about it.

                         

                        So, to recap for benefit of OP:

                         

                        1. If you disable file filtering in FileMaker Server admin console > Database Server > Security, user can go to the short url for the server and view listing of all hosted databases. Picking a file there will prompt a login challenge, but only one. (That's because you weren't prompted to authenticate to the server first.)

                         

                        2. But if you leave file filtering ON in the server, then users have to authenticate to the server to see a list of files they're allowed to access. When they pick a file, they have to authenticate a second time. The solution to this is to teach users how to go directly to the file they want by using a complete url to the file: see my earlier post. NOTE: This is absolutely the right thing to do if the users are mostly only allowed to see and access a single file on the server (which is the case for most of my clients).

                         

                        *

                         

                        I'm trying to understand why we have these options. Answer seems to be that different developers and admins need different options for different deployment scenarios. I host many different clients on same server, and most of my clients access just one solution. The last think I want my clients to do is see even the names of other solutions they're not allowed to access!

                         

                        But I can see that, if a single company uses a number of different FileMaker solutions hosted on same server (one for Accounting, one for Sales, etc) it might make sense to allow them to a listing of all databases on the server and then pick.

                         

                        Will

                        • 9. Re: Filemaker 16 Webdirect Authentication
                          bigtom

                          No worries. When I first started using FM16 I got angry because I swore i just logged in. The it happened again, and then I paid attention the third time.

                           

                          It makes sense and it is in line with the way FMP for FLT works. Another security element to keep people away from files they should not see.