Subscribe for automatic updates: RSS icon RSS

Login icon Sign in for full access | Help icon Help
Advanced search

Pages: [1]
  Reply  |  Print  
Author Topic: Integration between Genero and Windows Active Directory  (Read 8771 times)
Anderson P.
Posts: 82


« on: April 17, 2018, 06:32:11 pm »

Hello!

We are trying to implement in our system an integration between Genero and Windows AD (Active Directory). Something like performing the login at the Genero applications based on the Windows AD credentials.

To accomplish this, Genero must be able to access the login and domain name of the current Windows user.

So my question is, does Genero support some kind of integration with the Windows AD?

Thanks for your attention.
Jeroni C.
Posts: 17


« Reply #1 on: April 17, 2018, 07:47:11 pm »

Hi,

I'm not sure if there are a better solution, but we made a LDAP Authentication for web apps and web services using a java class that use an standard java library.

We base ourselves on this example (but there are a lot of examples in google):

https://stackoverflow.com/questions/12317205/ldap-authentication-using-java?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa

Regards,
Jero
Anderson P.
Posts: 82


« Reply #2 on: April 17, 2018, 08:44:12 pm »

Hello Jeroni , thanks for your reply!

This is indeed a nice way to solve this, the drawback with this solution is that this will require Genero to run a JVM at the server.

I don't remind exactly why, but our consultant has advised us to avoid using Java calls, because the JVM could reduce performance. Searching through Genero Help I have found this:

Quote
The usage of Genero Web Services to call a Java™ service is recommended in a SOA environment. It enables several Genero applications to connect to a centralized Java service without the need to start a new JVM for each running Genero application.

So in a webservice, as is your case, this might not cause any problem, but maybe in a desktop application we could have a performance reduction.

But if there is no native solution, I think we will try this Java solution.

Thank you again for your reply and for your attention.
Jeroni C.
Posts: 17


« Reply #3 on: April 18, 2018, 10:12:44 am »

Hello Anderson,

Yes, there are a small (in our case) delay when the JVM start on first call, and a 30-40Mb of memory consumption in each process.

This is not a problem for us at this time, and the benefits of extensibility outweigh the drawbacks, we currently use several Java libraries to facilitate tasks such as creating office documents or sending / receiving / parsing emals.

Anyway, we have plans to move the LDAP authentication to an independent web service if we see that the use of resources is excessively increased.

Regards,
Jero
.
Four Js
Posts: 30


« Reply #4 on: April 18, 2018, 10:50:16 am »

Hello

What client are you using ? GDC or GBC ? If GDC, what kind of connection are you using ? SSH or HTTP ?
If you are using GDC / SSH, you should be able to use the AD thanks to the kerberos setting in your GDC shortcuts.
If you are using GDC / HTTP or GBC, our SSO integration in GAS allows you to interact with IDP such as ADFS.

Please contact your support center if you need more details.

Olivier.
Genero Project Manager.
Anderson P.
Posts: 82


« Reply #5 on: April 18, 2018, 01:52:00 pm »

Hello Anderson,

Yes, there are a small (in our case) delay when the JVM start on first call, and a 30-40Mb of memory consumption in each process.

This is not a problem for us at this time, and the benefits of extensibility outweigh the drawbacks, we currently use several Java libraries to facilitate tasks such as creating office documents or sending / receiving / parsing emals.

Anyway, we have plans to move the LDAP authentication to an independent web service if we see that the use of resources is excessively increased.

Regards,
Jero

Jeroni, I was talking to my colleagues and remembered why we removed the Java call.

The problem we were facing is that sometimes, but not every time, the login screen was presenting a delay. Something like two or three seconds. We figured out that it was being caused by a java call used to decode an AES256 token that the user send during the login process.

Then our consultant, Florencia, told us about a new "Security" class that was implemented in Genero and could natively decode that token. And in the occasion she advised us to always look forward to native solutions, especially on the login process, that is executed a lot of times!

So that's way. But again, that was on a GDC application, I guess that in web applications, like it's your case, this is different. Because at web, Genero use a single application for multiple users. So I think you will not have problems with it.

Hello

What client are you using ? GDC or GBC ? If GDC, what kind of connection are you using ? SSH or HTTP ?
If you are using GDC / SSH, you should be able to use the AD thanks to the kerberos setting in your GDC shortcuts.
If you are using GDC / HTTP or GBC, our SSO integration in GAS allows you to interact with IDP such as ADFS.

Please contact your support center if you need more details.

Olivier.
Genero Project Manager.

Olivier, thanks for your reply!

We are using GDC/SSH and our goal is to retrieve the domain and user credentials that the user used to login at Windows, and validate it to perform a auto-login at Genero.

Our consultant, Florencia, already emailed me and we are working on this.

Thanks again for your attention, after we had this working I will post here the solution, to be registered.
Pages: [1]
  Reply  |  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines