Solved

ACS Integration

Posted on 2002-05-08
Last Modified: 2006-11-17
I wanted to forward authentication requests from my Application Server to a Cisco ACS Server. My Application Server does not understand AAA, TACACS, RADIUS kind of protocols. Basically I wanted to use the Cisco ACS User Database for authenticating, to make my Application Server single sign-on.
Any suggestions are most appreciated.
Mukunda Rao
Question by:mukundarao
 
LVL 8

Expert Comment

by:scraig84
The only thing I can think of would be to put a firewall between the users and the app.  The firewall could block access until authentication against the ACS server is used.  We do this at my work for some Internet apps.
0
 

Author Comment

by:mukundarao
Thanks Scraig,
The Application Server and the ACS Server both exist inside the firewall. I am looking for a single sign-on solution.
Mukunda Rao
0
 
LVL 8

Expert Comment

by:scraig84
I understand that your current environment probably doesn't have a firewall between the app server and its users.  However, since you have an app that doesn't understand common authentication protocols, but you want the app to use ACS which is based on common authentication protocols, you will probably need to put something between the server and its users to intercept requests and forward them to the ACS box.  I don't think there is any way to magically force the ACS box to work with an app that doesn't use any of the protocols it's designed to handle as an alternative.
0
 
LVL 79

Expert Comment

by:lrmoore
What operating system is your application server running?
ACS can forward authentication to an NT domain controller, and your application should be able to authenticate with NT domain users. This would give you single sign-on using the NT domain user database.
0
 

Author Comment

by:mukundarao
I wanted to use the ACS user database for authenticating our Application Server users. In other words, we wanted to just store the user name in our Application Server and store the passwords in the ACS user database, and when our application user tries to log in, I wanted to forward the authentication request to the ACS Server.

The ACS documentation says how to use an external user database for forwarding the request from ACS to an external application, not the other way around.

Any suggestions???

Mukunda Rao
0
 
LVL 3

Expert Comment

by:mbruner
Let me see if I am understanding what you are saying.  Basically, the user logs into an App Server and you want the server to forward the login request to the ACS user database so that you have a single username and password to maintain.

Based on the assumption that what I've said above is true, I think that LRMoore is on the right track.  What OS are you running?  ACS can authenticate users against several "third-party" directories (e.g. LDAP, NT/2000, NDS, etc).  For example, if your servers are running NT, then you could have a single sign-on because your ACS password would be the same as your NT password.

What SCraig84 is saying is that if you place a firewall or router between the App servers and the users, then you could force the firewall to authenticate the users before allowing them through to the servers.  Unfortunately, for this to work as a single sign-on, you would have to leave the server wide open so the users could access them without having to re-authenticate.

If neither of the options given by SCraig84 or LRMoore work for you, then your only hope would be to find some third party software plug-in for your App server that would allow it to authenticate against a RADIUS / TACACS+ server.  Other than that, I can't think of any way to make this happen.  

If you want us to help you look for a RADIUS / TACACS+ plug-in, then we will need to know the OS the App servers are running.

Hope it helps.  Good luck!
0
 
LVL 3

Expert Comment

by:brosenb0
Probably off the wall, but I've seen mod_tacacs and mod_radius for the Apache web server (if that's what your app server is)
0
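The RADIUS plug-in approach suggested by mbruner and brosenb0 comes down to the application acting as a RADIUS client. The sketch below is an added example, not code from this thread or from Cisco: it builds an RFC 2865 Access-Request with the PAP password hidden under the shared secret and verifies the Response Authenticator of the reply before trusting it. The user name, password and shared secret used with it are constructed values, and `make_reply` is a stand-in for the server so the block runs offline.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2            # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, request_auth=None):
    """Return (packet, request_authenticator); the latter is needed to check the reply."""
    request_auth = request_auth or os.urandom(16)
    hidden = hide_password(password, secret, request_auth)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def check_reply(reply, secret, ident, request_auth):
    """True only for an authentic Access-Accept that answers our request."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):   # strict: no trailing bytes accepted
        return False
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return False                           # forged reply or wrong shared secret
    return code == ACCESS_ACCEPT

def make_reply(code, ident, request_auth, secret, attrs=b""):
    """Constructed server side, present only so the example runs without a network."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs
```

In use, the application server would be registered on the RADIUS server as a client with the same shared secret, and the packet would be sent to it over UDP.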
 
LVL 79

Expert Comment

by:lrmoore
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

I recommend: PAQ or, delete, no refund

If you would like to keep this question open for more expert input, this cleanup effort will get it closer to the top of the list where it will get more visibility for the experts.

If there is any objection or other expert commentary to this recommendation, then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

thanks,
lrmoore
EE Cleanup Volunteer
---------------------
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
PAQ'd and points NOT refunded.

SpideyMod
Community Support Moderator @Experts Exchange
0
