DNN as a single point users administration in a big project
New Post
1/28/2017 11:06 AM
 
We can consider the following scenario: implement Identity Server into DNN. In this approach DNN will hold the identities (it will be a 'user store'). The Identity Server will create an authorization/authentication layer around DNN. This layer will expose the OAuth and OpenID protocols on top of DNN.
Identity Server is an open source solution available here: https://github.com/IdentityServer/Ide...
Here is an overview of Identity Server: https://vimeo.com/113604459

The last step is to connect the rest of the satellite apps (WordPress, Joomla, etc.) to DNN using OAuth & OpenID.
 
New Post
1/30/2017 9:30 PM
 

Hi again Barry,

I researched your offer about using AD only as a "user store" and handling authentication with another solution like this.

I asked about this problem in the Microsoft forum, but got the answer below:

That's why called "AD Authentication", so you can't separate from AD. But you can use AD LDS for an alternate.

I know about your last offer, in which you propose DNN as the user store. But I think, before going to DNN, I should be sure that I can't use AD.

 
New Post
1/31/2017 7:54 AM
 
If you want to have a DNN web application that has a "user store" in Active Directory (in short, AD users will be able to sign in to DNN using their AD credentials), you have the following options:

- LDAP protocol (it's something similar to AD LDS). By default AD exposes TCP port 389 for LDAP connections. LDAP is enabled by default, so you don't need to do anything on the Active Directory side. On the DNN side you need to install a 'login extension' that will connect to AD and validate the entered credentials against the AD 'user store'. These extensions are here:
https://dnnauthad.codeplex.com/
http://store.dnnsoftware.com/home/pro...
More info about LDAP: https://en.wikipedia.org/wiki/Lightwe...
and here: http://dnn-connect.org/blogs/integrat...

- The second option is the AD FS protocol. The differences are: it's more secure and powerful than LDAP. For example, in the case where there are multiple web apps that are using AD as a 'user store', AD FS gives you SSO, which means that the user will enter his credentials only once and he will be signed in to all apps. AD FS needs to be configured on both the AD and DNN sides. The AD FS plugin for DNN is here: http://store.dnnsoftware.com/home/pro...
More info about AD FS and DNN: https://docs.google.com/document/d/1I...#

Please note that none of the solutions described above support OAuth & OpenID.

Cheers,
Barry
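
A sketch of the credential check that an LDAP login extension performs against AD, as an added example (not code from the post or from the extensions linked above). The server name, class name and method name are hypothetical; it uses LDAPS on port 636 rather than plain port 389, because a simple bind on 389 sends the password unencrypted.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public static class AdLdapLogin
{
    // Hypothetical domain controller name; replace with your own.
    private const string Server = "dc01.example.local";
    // 636 = LDAP over TLS. On plain 389 a simple bind carries the password in clear text.
    private const int LdapsPort = 636;
    private const int InvalidCredentials = 49; // LDAP result code for a failed bind

    // userPrincipalName is expected in UPN form, e.g. "alice@example.local".
    public static bool ValidateCredentials(string userPrincipalName, string password)
    {
        // A simple bind with a name and an empty password is an
        // "unauthenticated bind" (RFC 4513) and can be reported as success,
        // so reject empty input before contacting the directory.
        if (string.IsNullOrWhiteSpace(userPrincipalName) || string.IsNullOrEmpty(password))
            return false;

        var identifier = new LdapDirectoryIdentifier(Server, LdapsPort);
        using (var connection = new LdapConnection(identifier))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // TLS, server certificate is validated
            connection.AuthType = AuthType.Basic;                // simple bind, protected by TLS
            connection.Timeout = TimeSpan.FromSeconds(10);

            try
            {
                // Bind throws if the directory rejects the credentials.
                connection.Bind(new NetworkCredential(userPrincipalName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == InvalidCredentials)
            {
                return false; // wrong password, unknown, locked or disabled account
            }
            // Any other LdapException (server unreachable, TLS failure) propagates,
            // so an outage is never mistaken for a failed or a successful login.
        }
    }
}
```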
 
New Post
1/31/2017 10:19 AM
 

Thank you so much for the reply,

I want to follow the structure below:

1- AD only as a "user store", without any role in authentication. (Based on your previous proposal)
2- For authentication, using a product like this that supports OAuth/OpenID. (Based on your previous proposal that I use products with each platform)
3- Use DNN as a CMS without a local user store and local authentication
4- Use each product, like a mail server, LMS, etc., in this structure without a local user store and local authentication

Can I implement the above structure, or, based on Burak's answer in the Microsoft forum ("That's why called "AD Authentication", so you can't separate from AD. But you can use AD LDS for an alternate"), can I not implement the above structure, because authentication can't be separated from AD?

Thanks again for coordinating.

 
New Post
2/1/2017 12:01 PM
 

The easiest solution is in the picture below.


Satellite apps don't have their own 'user store'. They use the LDAP protocol to connect to the 'user store' that is placed in Active Directory.

Or something more complex, that adds an OAuth & OpenID endpoint for the Active Directory server.

Another more complex scenario. Note that Azure AD is much more powerful and easier to integrate with Active Directory than Identity Server.

 

 