Is there any way to get IWP to recognize active directory groups and do the pass-through authentication?
On my systems, IWP recognizes Active Directory groups, although it isn't a Single Sign On experience (Windows 2008 R2, FMSA 11.0v3).
What difficulties are you experiencing? What systems are you running (OS, FMP/FMSA version)?
Beatrice Beaubien, PhD
i2eye, Toronto, Canada
FileMaker Business Alliance
FileMaker 11 Certified Developer
Aryden may have gone to the drive thru,
You first have to realize how external authentication works. When the FMS client, be it an IWP or FMP client, request access to a DB then FMS makes a call for authentication services to the OS. It is the OS that performs the OD or AD connection to get the credential authenticated and a list of the groups they belong to.
So yes, IWP and FMP clients both do external authentication. But its thru the FMS/OS connection.
I've figured out that what I want to do isn't possible unless I do CWP and add in the SSO code myself. I found also that when I logged into my DB's through IWP, it wasn't inheriting my permission sets from Active Directory at all.
Aryden may have to do the impossible with nothing,
Perhaps if you described what you are trying to do we can give some sugestions.
BTW, IWP and FMP client both use the same external authentication processing. So if its not working in IWP it also won't work in FMP.
I am supposed to open up a reports db that my users want to access. Upper management needs access to it as well. Upper management does not want to have to install FileMaker in order to access the reports and they want them published out in an area with their standard reports from other organizations.
In order to get them what they want, I have been investigating using either IWP or CWP to publish the reports. The catch to this is, I need SSO to work. The user must be able to navigate to the report pages, be authenticated via SSO and taken to the reporting information navigation that they need to see.
Aryden "and then there's upper management",
I see a couple of area of interest.
1. "... published out in an area with their standard reports from other organizations."
Even if the other organizations are using FMP its unlikely you will be able to use IWP to do this. The location for these reports is probably password protected and that's totally outside of FMP so the report site would have to be able to pass the credentials to FMP. This is not automatically done between 'sites'. If you don't have design access to the Report site then I doubt you can do this at all as you cannot get the sign on credentials from the site. If you can reverse the order of authentication - going to FMP first - then you can create a login process within FMP so you can capture the credentials and then possibly use them in a URL to log into the report site. Not the best of options though, see item 2.
2. If these reports are generated daily then you can create them in FMP and export them to the report site, place a differently named copy into a history folder so they can get to them. If the reports could be PDF's and always named the same thing then you could replace the report files on a daily basis very easily. Otherwise, uploading HTML pages to the site would have to be enabled by the site administrator and you'd have to be creative about generating the header's and footer's and navigation parts of the report pages.
If the reports need to be dynamically generated then you have more work. It can still be done but the end user will have to wait until the report is generated and posted as a new report.
3. IMHO, SSO isn't the real issue as there are two different sites involved and you'd need control of the report site to pass the credentials to the FMP site (or vise - verse) to make it work.
They need the reports as live data published out interactively on the web, not published out as PDF's, excel etc. If that were the case, this would not even be a discussion. For their reports "dashboard" they have a bunch of links within a sharepoint list. So all I need to provide them is the link to the FM solition.
I have been dealing with the "upper management (Sr. Director, VP, Senior VP)" for months now on the reports they wanted built, they don't want anything to do with FileMaker, they just want to click links and see their metrics. They don't want to have to deal with logins, logouts, etc. Most importantly, they just want to see the data that is pertinent to them and them only when they click their link.
All of which, I have taken care of, except for getting a method of logging in without them having to enter a username/ password.
Retrieving data ...