Page 1 of 1
Using Integrated Windows Authentication?
Posted: Tue Jun 17, 2008 9:13 am
by Steve.Czetty
I am trying to use the API to connect to Vault using Integrated Windows Authentication, instead of requiring the user to enter their username and password each time (or, worse, store it in a config file).
I don't, at the current time, know if IIS has been set up correctly, but I am in the process of finding out. The problem is that I don't see a way to signal to the API that it should be using this method to authenticate, and my experience with Vault so far is that it really isn't there. Is this the case?
If there is not support for it at this time, please consider this a feature request for integrated windows authentication, at least when connecting to Vault via the API.
tia!
-Steve
Posted: Tue Jun 17, 2008 9:35 am
by Beth
What Vault can currently do is make use of a user's AD login and password instead of a separate Vault login an password. You wouldn't set this up with the API.
Vault needs to run under a domain account to make use of AD authentication. See the
Installation Instructions for more information about that. You would set the IIS Process Model to Custom and enter or create a domain user. If you are at the point where you need to change to this, then let me know and I can help you through that.
After that, you would go into the Vault admin web page (or tool if on an older version) and enter in the Domain Information. Then when adding users, make their logins be exactly the same as their AD login.
Posted: Tue Jun 17, 2008 9:38 am
by Beth
If I misunderstood and you already have your users using AD authentication and are just wanting them to not to remember logins and passwords, we have a profile function they should try out. When first logging in, they should click the profile button and create a new profile. Then they only have to select the profile to log in.
If that still doesn't accomplish what you want, just let me know.
Posted: Thu Jun 19, 2008 11:02 am
by Steve.Czetty
I will take the profiles idea under advisement, but I am not sure if that will accomplish what we are looking for in our environment.
Our application was originally written for Visual SourceSafe, and it includes a checkbox for "Integrated Windows Authentication". Essentially, it takes the credentials of the currently logged-in user, and passes it though to sourcesafe without requiring the userid or password. We would like to have a global configuration file for all users of our app, but because each user needs to individually enter their passwords (which we currently store in the config, encrypted), that has proven difficult. It is also undesirable to store the passwords at all, in any form.
Since Vault is served on IIS, those credentials can be passed to the application from IIS if the configuration is set up to do so. However, the API appears to require that explicit userid and password be set. Let me know if I am misintrepreting this.
Thanks again!
-Steve
Posted: Tue Jun 24, 2008 7:13 am
by jeremy_sg
We don't currently have this capability, but it has been requested numerous times. I've added your name to the feature request.