    Mac OS X, Active Directory, and SAML


      Related to External Authentication for FileMaker, how would a SAML implementation on Active Directory affect the authentication process? We are looking at switching to EA for some of our files, but our IT has mentioned that they use SAML. FileMaker states that EA will only talk to Active Directory and Open Directory. Would SAML get in the way of that?


      From what I have found it looks like SAML is more the connection from the server to the AD server. So this seems like it would be more of the realm of the OS configuration and capability, and thus (hopefully) not affect the FM side of things.


      Anyone have any experience with this?




          FMS AE asks the OS for the groups that are associated with the user's OD or AD authentication. It does not talk to the authentication servers. It only asks the OS to perform the OD or AD service. I doubt it makes any difference what the OS uses to talk to the Authentication service as long as it's BOUND correctly to that service and performs the authentication service as required.

            That is kind of the mental model that I have developed about EA so far.  You have a variety of blocks with things talking to each other in a chain, and it is up to each bit of the chain to handle its own part, but nothing else.  Something like:


            FM Client <=> FM Server <=> Server OS <=> AD Server


            It is my impression that that last link (Server OS <=> AD Server) is where the SAML layer would come into play, and thus it would be unimportant or irrelevant to the FMClient <=> FM Server connection.  AT LEAST, just so long as the Mac OS X 1.6.8 system can deal with SAML.  Which I am uncertain about, and was hoping that someone could clarify.