GW14SP1HP2: SSO and Cache mode of client

Good afternoon,

we have found the SSO solution to be working fine (see my post
GW14SP1HP2: SSO and POA GroupWise Name Server DNS records).

But I have one question regarding SSO. We have discovered that when the GW
client uses Online mode, SSO works. When the GW client uses Cache mode, SSO
doesn't work as we expected because the user needs to enter his password.
It seems that Caching mode cannot use AD credentials, unlike Online mode.

So my question is whether I am right, or whether we have some other problem here.


Thank you.

---

Regards,

-Jan

  • dus2002,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    These forums are peer-to-peer, best effort, volunteer run, and if your issue
    is urgent or not getting a response, you might try one of the following options:

    - Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
    all the other self support options and support programs available.
    - Open a service request: https://www.microfocus.com/support
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.microfocus.com)
    - You might consider hiring a local partner to assist you.
    https://www.partnernetprogram.com/partnerfinder/find.html

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.microfocus.com/faq.php

    Sometimes this automatic posting will alert someone that can respond.

    If this is a reply to a duplicate posting or otherwise posted in error, please
    ignore and accept our apologies and rest assured we will issue a stern reprimand
    to our posting bot.

    Good luck!

    Your Micro Focus Forums Team
    http://forums.microfocus.com


  • On Wed, 19 Apr 2017 04:30:21 0000, Automatic reply wrote:

    > dus2002,
    >
    > It appears that in the past few days you have not received a response to
    > your posting. That concerns us, and has triggered this automated reply.
    >
    > These forums are peer-to-peer, best effort, volunteer run, and if
    > your issue is urgent or not getting a response, you might try one of the
    > following options:
    >
    > - Visit https://www.microfocus.com/support-and-services and search the
    > knowledgebase and/or check all the other self support options and
    > support programs available.
    > - Open a service request: https://www.microfocus.com/support
    > - You could also try posting your message again. Make sure it is posted
    > in the correct newsgroup. (http://forums.microfocus.com)
    > - You might consider hiring a local partner to assist you.
    > https://www.partnernetprogram.com/partnerfinder/find.html
    >
    > Be sure to read the forum FAQ about what to expect in the way of
    > responses: http://forums.microfocus.com/faq.php
    >
    > Sometimes this automatic posting will alert someone that can respond.
    >
    > If this is a reply to a duplicate posting or otherwise posted in error,
    > please ignore and accept our apologies and rest assured we will issue a
    > stern reprimand to our posting bot.
    >
    > Good luck!
    >
    > Your Micro Focus Forums Team http://forums.microfocus.com


    Good morning,

    it seems nobody else has used SSO with Caching mode.

    My problem is that I don't know whether SSO should work with Caching
    mode or not. Maybe SSO is usable only with Online mode.

    Any answer welcome, of course.

    ---

    Regards,

    -Jan
  • Dus2002,

    > Good morning,
    >
    > it seems nobody else has used SSO with Caching mode.
    >
    > My problem is that I don't know whether SSO should work with Caching
    > mode or not. Maybe SSO is usable only with Online mode.
    >
    > Any answer welcome, of course.


    You should probably open an SR on this one.

    Pam

  • On Wed, 19 Apr 2017 17:36:34 0000, Pam Robello wrote:

    > Dus2002,
    >
    >> Good morning,
    >>
    >> it seems nobody else has used SSO with Caching mode.
    >>
    >> My problem is that I don't know whether SSO should work with Caching
    >> mode or not. Maybe SSO is usable only with Online mode.
    >>
    >> Any answer welcome, of course.

    >
    > You should probably open an SR on this one.
    >
    > Pam


    Good morning,

    O.K., so I have opened SR # 101063065041.

    We will see how things are going.

    ---

    -Jan
  • On Thu, 20 Apr 2017 05:24:27 0000, dus2002 wrote:

    > On Wed, 19 Apr 2017 17:36:34 0000, Pam Robello wrote:
    >
    >> Dus2002,
    >>
    >>> Good morning,
    >>>
    >>> it seems nobody else has used SSO with Caching mode.
    >>>
    >>> My problem is that I don't know whether SSO should work with Caching
    >>> mode or not. Maybe SSO is usable only with Online mode.
    >>>
    >>> Any answer welcome, of course.

    >>
    >> You should probably open an SR on this one.
    >>
    >> Pam

    >
    > Good morning,
    >
    > O.K., so I have opened SR # 101063065041.
    >
    > We will see how things are going.
    >
    > ---
    >
    > -Jan


    Good morning,

    the result is: SSO is not usable in any mode other than Online.

    See below the answer from GroupWise developers:
    -----snip
    SSO cannot work without an open communication to the POA for security
    reasons (the POA does not just take the client's word, it calls the
    directory to verify everything).

    In caching mode, at startup, the login is against the local store.
    Caching mode only talks to the POA during sync.
    It is required that caching mode open and run against the local store
    even if the POA is down.

    The only idea that I can think of is that we could try the POA and skip
    the password prompt if the POA is up and could verify our credentials.

    But even that would be problematic because the local store and the online
    store are not the same store, but a replicated copy. We would be
    hackable. Example: I get a copy of your caching store and log in using
    credentials from a test system POA. Part of the SSO security is tied to
    the relationship between the online store and the directory user.

    So we would have to add code to also guarantee the relationship between
    the cache and the online.

    This could be done, but is a feature request.
    -----snap


    Below is the link to the Feature request page I've created:
    -----snip
    https://ideas.microfocus.com/MFI/novell-gw/Idea/Detail/12804
    -----snap

    ---

    Best regards,

    -Jan
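
The copied-cache scenario from the developers' answer above, as a toy model in Go. This is an added illustration, not GroupWise code: the `POA` and `Cache` types, the credential strings and the pinned Ed25519 key are all assumptions, standing in for "guarantee the relationship between the cache and the online".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// POA is a toy post office agent: a directory (user -> credential) and a signing key.
type POA struct {
	dir  map[string]string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewPOA(dir map[string]string) *POA {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &POA{dir: dir, pub: pub, priv: priv}
}

// Prove signs nonce||user if the credential matches this POA's own directory.
func (p *POA) Prove(user, cred string, nonce []byte) []byte {
	if want, ok := p.dir[user]; !ok || want != cred {
		return nil
	}
	return ed25519.Sign(p.priv, append(append([]byte{}, nonce...), user...))
}

// Cache is the local store; homeKey is pinned during a sync with the real POA.
type Cache struct {
	user    string
	homeKey ed25519.PublicKey
}

// Unlock skips the password prompt when the POA vouches for the user; with
// bound=true the answer must also verify under the pinned home POA key.
func (c Cache) Unlock(p *POA, cred string, bound bool) bool {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	sig := p.Prove(c.user, cred, nonce)
	return sig != nil && (!bound || ed25519.Verify(c.homeKey, append(nonce, c.user...), sig))
}

func main() {
	home := NewPOA(map[string]string{"jan": "prod-cred"}) // constructed sample data
	test := NewPOA(map[string]string{"jan": "lab-cred"})  // unrelated test system
	copied := Cache{user: "jan", homeKey: home.pub}
	fmt.Println(copied.Unlock(test, "lab-cred", false), copied.Unlock(test, "lab-cred", true))
}
```

The unbound check accepts an answer from any POA whose directory knows the user name, while the bound check only accepts the POA the cache was replicated from, and that POA still verifies the credential against its own directory.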
  • Thank you for the valuable information Jan. Much appreciated.