TL;DR: is there an extended property for user application authorization?
My development environment and my user application database are seperated by a VPN and distinct active domains, with no username overlap.
While developing, I am not running the user application via IAM but directly against the model in the SF. I have restricted access to the user application database,
I have no say in the domain user names, or which to use. This precludes windows domain authentication when starting the user application.
My work-around is to add an RDBMS-login to my SF database for a corresponding RDBMS-login on the other end. Is that the only way? I can not find an extended property that tells to give a second login pop-up or that allows to define a static user/password combination for the user application.
Solved
Runtime config: different authorization for user application database
- 82 replies
Best answer by Vincent Doppenberg
I would not have expected it to matter whether you start the application against the model in the SF or the model in IAM, there is no relevant difference between the two with regard to this behaviour. I will do some testing soon to it to see why it doesn't work the same way.
View originalThis topic has been closed for comments
Boudewijn wrote:
My work-around is to add an RDBMS-login to my SF database for a corresponding RDBMS-login on the other end. Is that the only way? I can not find an extended property that tells to give a second login pop-up or that allows to define a static user/password combination for the user application.
Hi Boudewijn,
I'm not sure if I understand the issue, because what you are describing is the default behaviour for the Windows GUI. The credentials that you enter when you initially log in are used to access the IAM database in order to load the application model. The Windows GUI will then attempt to use the same credentials for the application database and show a second login dialog upon failure.
If your question is how to avoid this second login dialog, then yes, the only way to do this is to make sure that a single set of credentials works on both databases.
When working with a Web GUI or a GUI that operates against Indicium, it becomes a bit easier due to connection pooling. You can then use IAM-authentication for all of your users (which doesn't require them to exist on either database) and configure a single pool user on both databases. In the future it will even be possible to configure pool users per application, so it won't even be necessary for them to have the same credentials then.
- 82 replies
Vincent Doppenberg wrote:
The credentials that you enter when you initially log in are used to access the IAM database in order to load the application model
Boudewijn wrote:
While developing, I am not running the user application via IAM but directly against the model in the SF. I have restricted access to the user application database.
In this case there is a second pop-up, but the dialog is a fairly monotonous 'login failed, retry/cancel?'.
I hoped for the same dialog as when using IAM. Is there a property that can be set for that?
I would not have expected it to matter whether you start the application against the model in the SF or the model in IAM, there is no relevant difference between the two with regard to this behaviour. I will do some testing soon to it to see why it doesn't work the same way.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.