[THIN] Re: WI 4 and SSO w / and w/out

  • From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 19 Sep 2006 09:06:48 -0700

Yup... Welcome to my world, feeling my pain...   I was told it was done in
the name of "security".  More than the "it's by design" excuses vendor give
is when they pull the "security" card security on you...  Security options
should be available for those who need it, but configurable for those who

Keep in mind, not all decisions are based on technical merit. 


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Braebaum, Neil
Sent: Tuesday, September 19, 2006 1:19 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI 4 and SSO w / and w/out

> From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
> Subject: [THIN] Re: WI 4 and SSO w / and w/out passthru and 
> pushed Java client?
> Date: Mon, 18 Sep 2006 09:52:14 -0700
> It's by design... (Don't you just love those excuses, but 
> really it is)


Why would they design it broken?

I'm fairly sure you used to be able to do this with earlier WI versions
and / or NFuse.

> I'm not sure about the Java client, but with 
> the Web/PN client you have to add EnableSSONThruICAFile=Yes 
> to the [WFClient] Section of the user's AppSrv.ini file.  
> This will allow SSON to both the Web Interface portal and the GINA.

It just seems total farce, if you actually have to already push a
client. What's the point of being able to do it dynamically, if you
can't do it all - and I'm sure you could in the past.

I realise there's the external client use to think about - but all the
same, it just seems like a big hole in this approach. I mean you can
have it grab the desktop credentials, but not use them for autologon of
the spawned app, or make them authenticate explicitly again through WI
and have it autologon, but not both. Seems truly daft.

I'm sure I've done this with older versions, the only true reason I
didn't use it in production, being that the target clients were Macs, so
the desktop credentials pass-through wasn't tenable.

Can anybody else confirm that this worked in the past with other
versions? And if so, makes you wonder why not now.

> As far as customizing the Java client,  you should be able to 
> turn off the Connection Center in the Access Suite Console by 
> deselecting the option when you configure client distribution.

The only option I can think of, where I think you mean, being the
Configuration UI package. But I'm pretty sure I've turned that off, and
still get connection centre.




This email and its attachments are confidential and are intended for the
above named recipient only. If this has come to you in error, please notify
the sender immediately and delete this email from your system. You must take
no action based on this, nor must you copy or disclose it or any part of its
contents to any person or organisation. Statements and opinions contained in
this email may not necessarily represent those of Littlewoods Shop Direct
Group Limited or its subsidiaries. Please note that email communications may
be monitored. The registered office of Littlewoods Shop Direct Group Limited
is 1st Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB,
registered number 5059352


This message has been scanned for viruses by BlackSpider MailControl -
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:

For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:

Other related posts: