How to store username and hashed password retrieved from other system into Drupal. The point is one person having account in other system not need to register in Drupal application again, he should able to login with the same credentials.
One way you can solve this is to use LDAP in your network. This of course if the other system also has support for LDAP.
How to setup LDAP in your Drupal installation you can find here:
https://www.drupal.org/node/997082
How to configure LDAP for you network I have no clue about but guess you can just google it. Not much info but hope it will point you in right direction.
Related
I have installed wazuh manager server, with elasticsearch and kibana. I can access to kibana web with no-login for now. And now I want to set it to access wazuh with AD access for whole company.
It is possible to do that on free version or do I need to buy elastic?
AD should be set on Wazuh login, or to Kibana web login, or to elasticsearch?? I know there can be login set for all three apps, but I am strugle to find out, which one is for AD.
Thank you
Thanks for using Wazuh!
It is possible to integrate Active Directory with Elastic. You can find on how to configure it, here. It is configured for Elasticsearch.
I hope this answers your question.
Cheers
We use LDAP to login to different applications including out service laptop. Is it possible to find out user's last login date for a specific application(in my case only one application)?
I am new to this LDAP so have no idea how things works with LDAP. Apologies if my question is stupid and does not make sense.
Most servers keep an audit log of all operations. An administrator may be able to search through the logs to identify the last time a user authenticated from an IP address (aka the application).
But otherwise, LDAP servers don't know what is the LDAP client and have no way to keep track of applications. Servers that keep track of the last login time is per user.
Need some help trying to figure out my authentication options for using the embedded service in an app owns data scenario.
Is the only way to authenticate and generate tokens by using your Azure AD credentials? I have went through the examples and got everything running just fine but....
Here at the university that I work at our credentials change every quarter. This means all 10 or so apps where I need embedded reports will have down time as I update this information every quarter. This is going to create a lot of work. Not only that but I really don't like the idea of the rest of the developers on the team managing the code having access to my personal AD account which is tied to lots of other personal university resources..payroll.. etc..
Am I missing something is there not another way to go about setting this up?
Is there anyway to setup a separate membership provider to authenticate against?
Thanks for your help.
Perhaps a service principal is a better approach for you. Instead of using a service account with a username and password you use a secure API KEY instead.
See below link, there are some limitations using a service principal as apposed to a master account:
https://learn.microsoft.com/en-us/power-bi/developer/embed-service-principal#service-principal-vs-master-account
But no, your not missing anything you if you want to use app owns the data model with a master account you'll have to know the username and password and ideally that should be a limited account that only has the access it needs, is not on the same password policy as normal user accounts where its password can expire etc.
I would like to avoid having a plain text password in the .ini file. I guess it should use Kerberos authentication, but I couldn't find how to do that.
I don't believe that Shiro has any capability to support Windows Kerberos authentication nor does it appear to have any "out of the box" capability to support encrypted passwords in the [main] section of the shiro.ini file.
Looking at this message (http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html) on the Shiro mailing list it suggests the best solution is to create your own password factory which will return the password when needed. The mailing list talks about using this for database passwords but the same principle should apply to Active Directory.
This link (https://issues.apache.org/jira/browse/SHIRO-445) contains a patch which should give you some pointers on how to do this.
Currently have an client application running on GAE that supports OpenId login to access resources on a server application (also on GAE) through OAuth. All is fine.
But, it requires that the user have an account with Google, Yahoo, or other OpenId provider. While that seems fine for personal users, how do I handle the corporate case where users want to use myname#mycompany.com as their login?
Do I build my own OpenId provider, host it, and store those names/passwords in a database?
Is there existing OpenId source that I can use, but give it my own names/passwords?
Do I skip OpenId entirely and somehow get my own custom db lookup to integrate with GAE authentication?
Something complete different?
My work is in Java, so Java solutions are preferred. And since this is more for prototyping than for production use, easier solutions are preferred :).
After doing some additional research it seems that if I want to stick with my current use of Restlet's GAEAuthenticator then I will have to rely on OpenId. There appears to be ways to rewrite the entire authentication so that it works both with Google/OpenId and a custom database (not what I want to try), and there appear to be commercial products (SadaSystems) that seem to also do it.
For now, my workaround is to ask people who want to use their own email address in our system to sign up with MyOpenId and add that email address as their persona.