1. Nilanjan Chatterjee
  2. PowerBuilder
  3. Wednesday, 20 January 2021 10:16 AM UTC

Hi,

I am trying to set up a SSO in my PowerBuilder application.

The requirement is such that the user wont need to enter the password and it would be a AD authentication that will allow and authenticate the user.

The application is in PowerBuilder 2017R3 and we have Sybase as backend.

I guess Kerberos is the only way we can use for this.

I need to know what are the changes that we require in the transaction object/SQLCA in PowerBuilder side for the Kerberos connection.

Thanks,

Nilanjan

John Fauss Accepted Answer Pending Moderation
  1. Wednesday, 20 January 2021 14:55 PM UTC
  2. PowerBuilder
  3. # 1

Greetings, Nilanjan -

I have not used Sybase ASE for more than a decade, but a quick search of the information in the Connection Reference publication indicates these DBParm settings may be helpful:

Sec_Mechanism
https://docs.appeon.com/pb2019r2/connection_reference/ch01s01.html#Sec_Mechanism

Sec_Network_Auth
https://docs.appeon.com/pb2019r2/connection_reference/ch01s01.html#Sec_Network_Auth

I suggest you examine all of the "Sec_xxxx" DBParm settings that are applicable to ASE. Perhaps others in the Community can offer additional tips.

Regards, John

Comment
There are no comments made yet.
Kevin Ridley Accepted Answer Pending Moderation
  1. Wednesday, 20 January 2021 17:53 PM UTC
  2. PowerBuilder
  3. # 2

So you're saying they've already logged into windows so they've passed authentication.  You can lookup roles in AD to see if they are in a certain group to allow access to the application.  You can get their OS username easily, then run it against AD to get groups.

Comment
  1. Nilanjan Chatterjee
  2. Thursday, 21 January 2021 12:02 PM UTC
I have retrieved the OS user name and email address of the user using LDAP.

After this the user needs to be authenticated individually to the Sybase db using their own id(AD user name or email id). This is where I am stuck. How do I authenticate the user to the database using what I have retrieved from AD?
  1. Helpful
  1. John Fauss
  2. Thursday, 21 January 2021 14:35 PM UTC
You may be expecting that you have to explicitly perform some extra task in order accomplish this, but I believe the ASE driver handles all of the details if you utilize the ASE-specific DBParm options that myself and Miguel have steered you towards.

The link that Miguel provided shows one example of what a developer had to code in SQLCA.DBParm to get this to work. Will the exact same options work for you? I don't know. Nobody does because your environment and situation are most likely unique.

You need to learn what the various "Sec_xxxxxxxxxxx" DBParm options do (that's what the online documentation is there for), work with your Sybase ASE DBA and experiment until you find the options and settings that work in your environment.
  1. Helpful
  1. Kevin Ridley
  2. Thursday, 21 January 2021 15:46 PM UTC
@John - agreed. I thought he was talking about application authentication, not authenticating to the database.
  1. Helpful
There are no comments made yet.
Miguel Leeuwe Accepted Answer Pending Moderation
  1. Wednesday, 20 January 2021 23:11 PM UTC
  2. PowerBuilder
  3. # 3

This is one of the links I get when I google on "Powerbuilder Kerberos":

https://stackoverflow.com/questions/38919478/kerberos-security-mechanism-inside-powerbuilder

regards

 

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.