AD Authentication passthrough
Posted: 18 Oct 06 10:16 AM
Can anyone explain how the passthrough is working from AD to SLX and back?
Thx ML

Re: AD Authentication passthrough
Posted: 18 Oct 06 1:16 PM
First, take a look here: http://www.slxdeveloper.com/page.aspx?action=viewarticle&articleid=59
AFAIK, you basically link up the AD user to a SLX one and in doing so the AD user's SID is stored for the SLX user account record. When SLX starts up it matches the logged in user SID with a SID stored for a SLX user and if located, SLX is logged in with the SLX user account credentials automatically. So, you're not exactly logging in with the AD user's credentials, so nothing is passing through to the AD. The logged in user on the local pc's SID is compared with one previously stored in the SLX database (linked up with a SLX user) and then the SLX user's credentials (that matched the logged in SID) are used to log in. That's how I understand it anyway.
-Ryan

Re: AD Authentication passthrough
Posted: 18 Oct 06 1:33 PM
If I understand correctly then it wouldn't matter what the SLX username is as long as you login to the correct desktop user account you will get in to SLX?

Re: AD Authentication passthrough
Posted: 18 Oct 06 1:39 PM
That is correct. The SLX user name does not need to match the AD user in any way. It is all based on the AD user you're logged into the desktop pc as, and if that user has been linked to a SLX user account.

Re: AD Authentication passthrough
Posted: 18 Oct 06 1:42 PM
What would be the implications in Citrix or term services? Thx for the info
P.S. thanks for the site

Re: AD Authentication passthrough
Posted: 18 Oct 06 1:46 PM
The same would apply as they are still authenticated by the AD as an AD user. Whether on a physical desktop or via RDP, term services, Citrix, they are still logging into the OS as some AD user, so everything would still apply.

Re: AD Authentication passthrough
Posted: 18 Oct 06 4:30 PM
Can SLXProfiler.exe profile the SQL returned by the AD auth method? I'm betting that it can't since it will only link up to a SLX app when it's logged into the database.
If this is the case, how would one go about profiling it? SQL profiler?

Re: AD Authentication passthrough
Posted: 18 Oct 06 4:46 PM
Originally posted by Jeremy Brayton
Can SLXProfiler.exe profile the SQL returned by the AD auth method? I'm betting that it can't since it will only link up to a SLX app when it's logged into the database.

Yes, the SLX profiler can profile activity from connections using integrated security. The profiler profiles provider level activity, regardless of how the user authenticated.

Re: AD Authentication passthrough
Posted: 18 Oct 06 7:19 PM
Originally posted by Ryan Farley
Yes, the SLX profiler can profile activity from connections using integrated security. The profiler profiles provider level activity, regardless of how the user authenticated.

I meant profile the SQL query that the AD integration calls, like "SELECT WINDOWSAUTH FROM USERINFO WHERE SID = 'BLAH'". The SLX profiler doesn't start capturing information until the connection is fully authenticated, so I believe the only way to get the query is to use the SQL profiler. I believe I answered my own question but I was basically looking for a way to validate what it's doing under the hood.
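
The SID-matching flow described earlier in this thread, as an added sketch that is not part of the original posts and is not SalesLogix code: the binary SID of the OS session is rendered as a string and looked up in a link table, and the matching application account is returned. The table `user_link`, its columns, the function names and the sample SIDs are all assumptions constructed for illustration.

```python
import sqlite3
import struct

def sid_to_string(raw: bytes) -> str:
    """Render a binary Windows SID in S-<rev>-<authority>-<sub>... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def make_sid(authority: int, *subs: int) -> bytes:
    """Build a constructed binary SID for the demo."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def build_demo_db() -> sqlite3.Connection:
    """Hypothetical link table (not the real SLX schema) with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_link (app_user TEXT PRIMARY KEY, sid TEXT)")
    db.executemany("INSERT INTO user_link VALUES (?, ?)", [
        ("lee",   "S-1-5-21-1111-2222-3333-1104"),
        ("admin", "S-1-5-21-1111-2222-3333-1105"),
        ("pat",   None),                          # account never linked to AD
    ])
    return db

def resolve_app_user(db: sqlite3.Connection, session_sid: bytes):
    """Return the app user linked to the OS session's SID, or None."""
    sid = sid_to_string(session_sid)
    rows = db.execute(
        "SELECT app_user FROM user_link WHERE sid = ?", (sid,)  # bound parameter
    ).fetchall()
    # Zero or several matches: no automatic login.
    return rows[0][0] if len(rows) == 1 else None

if __name__ == "__main__":
    db = build_demo_db()
    print(resolve_app_user(db, make_sid(5, 21, 1111, 2222, 3333, 1104)))  # lee
    print(resolve_app_user(db, make_sid(5, 21, 1111, 2222, 3333, 9999)))  # None
```

In this sketch the application user name plays no part in the lookup; only the SID of the OS session does, so whoever controls the linked Windows session gets the linked application account.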