OAS

How to implement SSO Client for Windows using ICS

When using ICS with a proxy, you have to enter the user / password at each application start, or store them in a text file, configuration files or code (it's bad) for the proxy.

ICS provides the fields proxyUserName and ProxyPassword for proxies.

But proxies are not the only use for SSO; it's useful for server and client validation in the Windows world (and others if you use Kerberos and other validation systems): the client uses its credentials in place of user/password, and the server doesn't have to know (store) that information, it just asks a service to validate the client credentials.

If you use Windows on a domain, you have to use your session information to connect, which is called Single Sign On (SSO). You are identified once at startup and use the Domain Controller to provide your identity.

The Windows protocol NTLM is implemented for the basics; it can manage proxy authentication but doesn't have a complete NTLM implementation.

In "OverbyteIcsHttpSrv" the server side is implemented to validate domain validation, but not the client side.

I propose to add functionality for Client SSO using NTLMSession yet declared with some modifications

8.61.zip

1 hour ago, OAS said:

I propose to add functionality for Client SSO using NTLMSession yet declared with some modifications

Thanks for the new units, don't see a problem adding them to SVN this week.

However, I really need a way to test the changes, independently of ICS.

My network does not have a domain controller.

 

Angus

Hello

I forgot the release part, so I propose that you add this in OverbyteIcsHttpProt.pas, line ~1445:

 

destructor THttpCli.Destroy;
begin

.....
{$IFDEF USE_NTLM_AUTH}
    FreeAndNil(FAuthNtlmSession);  // V8.61
{$ENDIF}

    inherited Destroy;
end;


Your earlier changes are already in SVN and the overnight zip, with slight modification, I'll add this change next time.

Strangely, I could not find any ICS client samples that test authentication, the BrowserDemo using HtmlViewer did not actually work despite putting up a login dialog box, which I have now fixed.

But I've not got NTLM authentication working, sure I set it up many years ago on my IIS server, but can not remember how. Think it might need NT permissions set-up on restricted directories, but I'm hazy on this.

 

Angus

Thanks.

I knew this was missing in ICS, that's why I share it. SSO functionality should be used more, but I saw more cases where there is a dialog box or storage for user/PW (I do it myself when I set up a Windows service which has to go through a proxy server).

I hope it will please developers, because I think SSO is a good practice.

 

Olivier