[solved] [SVS] SSO - User information

    Hi there!

    I finally got the SSO up and running the way we want to use it.

    The Windows auth is able to return the username, domain and the wingroups of the authenticating user.
    We'd like to populate the fields (e-mail/fullname and so on) which are not automatically filled in for the user object.

    How would I go about this?

    Sure, I could write into the OnWindowsUserAuthorize event to get it from the LDAP,
    but wouldn't that be redundant, since the information for the mentioned fields is already queried beforehand?
    Also, how would I write information into the user object related to the authenticating user, since the function only returns these 3 fields?

    Thanks in advance!

  • Hi DataPhi,

    Which event do you use to make the SSO win auth?

    I guess it would be possible to use the ldap_* PHP functions after the authentication (meaning, after the DOMAIN\user was created) to get the relevant information and store it on the #_USER_USER_PROPERTIES cube...

    I'm not sure about that, I never tried it.

  • Hello again laloune ;)

    I am using the OnWindowsUserAuthorize event of the SEPEventHandler.
    There's not much to the changes I made: since I do not want to create an LDAP group and join the user each time
    we create a new one, I simply return the Domain\Username as group instead of the wingroups.

    How to retrieve the information might be the easier part here; maybe you could point me in the right direction on the "write to the cube" side?
    Also, I am considering doing this each time they authenticate, since there is this slight chance something changes on their User Object in the AD.

    Edit: maybe there is a sample script I overlooked somewhere, displaying an example read/write in PHP to the cube?

  • Hi DataPhi,

    Can you please post your PHP script, because I don't yet see what you've changed in the onWindowsAuthorize event.

    Reading a cell in a cube would be no problem, but writing would be one. Basically you can only write using the init-worker event, because this is the only one that ensures exclusive access (the "palo_lock_area" function - see sep_inc_on_cell_change.php). The auth event does not provide this possibility.

    You'll have to trick using a SOAP call in the PHP script. This SOAP call would then trigger an ETL job that updates the cell in the cube accordingly. This is rather simple.

  • This is me overthinking now and then.
    I simply created an ETL job that fills email and fullname of the #_USERS_ that match the DOMAIN\Users with values from the LDAP.
    Way easier, and it's not going to trigger each time someone connects.

    Let's see how and when I am going to let this run periodically.

    Thank you for pointing ETL out to me ;)

