This content has been marked as final. Show 7 replies
Are you using a windows server? Why not just make use of Integrated Windows Authentication?
Thanks for you response. I do have a windows server, however, when I tried initiating IWA , it prompts for a un and pw anyway.
This may have something to do with the network configuration?
We have a Watchguard firewall through which the webserver needs to pass to see the AD on DC1?
I'm not really sure what you are trying to do. You can query AD, via CFLDAP, to retrieve information about the account.
If you are trying to authentication the user, you only need to use Windows or browser authentication. This will bounce against AD automatically. However, if you create a custom login form, you can use LDAP to authenticate the user.
If you create your own login form, you can still attempt to run the CFLDAP tag using the user's username/password, rather than an admin's username/password. Wrap the CFLDAP tag in CFTRY/CFCATCH to handle any errors.
Thanks for your response.
My original intent was to try to avoid a second login screen for users already logged onto the network- so they would be allowed an internal view of data vs the outside view.
The LDAP query method does return all users, but there is no way I know of to compare the results of the query to anything- IOW if the user is in AD and they are logged on, let them see the data without the need to use another Windows logon prompt, even though it's the same un pw as their NT un pw.
I hope I cleared up what it is I'm trying to do.
You have two issues.
1. You need to use Windows Integrated Authentication to ensure that an internal person doesn't have to log in twice.
2. You need to determine what will control access to your resources. I would suggest using domain groups to control the access.
Your CFLDAP query should pass the user's username and password and filter on sAMAccountname = "CGI.auth_user". That would return only the logged-in user's information, such as "memberOf" to get the group membership.
Do you have any reference Docs of how to use IWA with aem?
Do you have any reference Docs on how to use IWA with aem? How IWA communicates with AEM?