Finally the help of IT is here

Blog of computer solutions.

Single Sign On with ADFS to Google Apps.

Posted by Xaus Xavier Nadal on 17th March 2012

This article explains, step by step, what we need to do to get Single Sign On (SSO) authentication over the SAML protocol, using an Active Directory Federation Server 2.0 (ADFS 2.0) with Google Apps (gapps) as the backend.

The end result is that our domain users can authenticate to a website without knowing the password of the service they are connecting to (our current domain credentials alone are enough to enter Google Apps, with no second authentication).

This procedure can be used for other kinds of entities that require a frontend authentication server for SAML requests.

But first I will explain a little about what SAML is and why we chose something this complicated rather than a user database in the cloud or a direct LDAP integration.

Security is always important, and having ports open to our LDAP from the cloud has never convinced me, so we had two options: integrate the system with a user database on Google, or simply use a SAML integration, with no ports to open on the firewall and no database of users and passwords to maintain in the cloud. The answer was simple: SAML.

But what is the SAML protocol and what does it consist of?

It consists of 8 "simple" steps.

1.- The user requests access to the website they want to reach. For example http://www.google.com/a/megacrack.es

 

2.- Google Apps, in this case, responds to the user with the identity provider to which the SSO request must be sent. For example http://saml.<domain>.com/adfs/ls

 

3.- The user passes login credentials to the identity provider (in our case Active Directory Federation Server) using Single Sign On (the credentials from the last domain logon are picked up); otherwise a screen is displayed asking for credentials, which are the same as the domain ones.

 

4.- The identity provider responds to the user with an XHTML form like the following:

<form method="post" action="https://saml.<domain>.com/SAML2/SSO/POST" ...>
  <input type="hidden" name="SAMLResponse" value="response" />
  ...
  <input type="submit" value="submit" />
</form>

 

5.- The user sends a POST request to the website that will confirm the authentication. The value of the SAML response is taken from the XHTML form.

 

6.- The response is processed; the service provider creates a security context and redirects the user to the destination.

 

7.- The user repeats the access request (https://www.google.com/a/megacrack.es/acs)

 

8.- If the security context is valid, the service provider returns control to the user, who finally gets access to the website.

It sounds complicated, but really it is as simple as the following:

1.- The user accesses http://correo.megacrack.es

2.- A screen like this one is shown, where the user must enter their domain credentials.

Validation

3.- The user accesses the site without problems.

And if the system works as it should, the previous screen does not even appear (the Windows logon credentials are picked up automatically).
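As an added illustration of steps 4 to 6 (not code from the original post or from Google/ADFS), the sketch below shows the envelope checks a service provider applies to the SAMLResponse form field: Destination, Issuer, expiry and Audience. The issuer and audience strings are assumed values, the response is a constructed unsigned sample, and a real service provider must first verify the XML signature against the IdP certificate, which is not done here.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://www.google.com/a/megacrack.es/acs"             # URL from step 7
EXPECTED_ISSUER = "http://adfs.example.test/adfs/services/trust"  # assumed IdP entity ID
EXPECTED_AUDIENCE = "google.com/a/megacrack.es"                   # assumed SP entity ID

def build_sample_response(destination, not_on_or_after):
    """Constructed, unsigned SAMLResponse as it would sit in the hidden form field."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{destination}">'
        f'<saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>'
        f'<saml:Assertion><saml:Conditions NotOnOrAfter="{not_on_or_after}">'
        f'<saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
        f'</samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()  # HTTP-POST binding: plain base64

def check_saml_response(form_value, now):
    """Return a list of problems; an empty list means the envelope checks pass."""
    # Signature verification must happen before these checks; it is omitted here.
    raw = base64.b64decode(form_value, validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD/entity declarations are not allowed"]
    root = ET.fromstring(raw)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match our ACS URL")
    if root.findtext("saml:Issuer", namespaces=NS) != EXPECTED_ISSUER:
        problems.append("unexpected Issuer")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions element"]
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        problems.append("assertion expired")
    audiences = [a.text for a in
                 cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("Audience does not include this service provider")
    return problems
```
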


How to do Single Sign On on Terminal Server connections

Posted by albertfr on January 7th 2012

Hello,

To improve the user experience at login time, there is a way to activate "Single Sign On" for Terminal Server connections.

If you have a Windows XP client machine, it requires:

· At least Service Pack 3.

· At least Remote Desktop Connection 7.

Once this is installed, you then have to:

Locally install the following executable as an admin user: www.megacrack.es/files/MicrosoftFixit50588.msi

On every client (XP, Vista, 7, etc.) you need to apply the following registry modifications:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]
"ConcatenateDefaults_AllowDefault"=dword:00000001
"AllowDefaultCredentials"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
"1"="TERMSRV/<TerminalServer (A)>"
"2"="TERMSRV/<TerminalServer (B)>"

Reboot the computer.

That's all, folks. We await your comments below. We hope this information will be useful to you.

See you soon MegaCracks.
