by • October 9, 2017
DreamFactory 2.9 supports Single Sign On (SSO) using Windows Authentication. DreamFactory’s SQL Server service also supports Windows Authentication. However, SSO with Windows Authentication has some prerequisites. Here’s what you need to know to set it up.
DreamFactory SSO with Windows Authentication requires the following prerequisites:
Windows Authentication for DreamFactory’s SQL Server service requires the following prerequisites in addition to the above conditions.
Once the servers are set up correctly, you need to create an Active Directory service in DreamFactory which is bound to your Active Directory server that has all your machines under its Domain Controller. When creating this Active Directory service, please make sure to enter the username and password of the user from condition #6 above on the Active Directory service config page (in the DreamFactory Admin App).
Another important item on the Active Directory service config page in the DreamFactory Admin App is the ‘Default Role’. If you pick a default role here, it is automatically assigned, for every app in DreamFactory, to all users who log in through this service. You can also choose a different role for each app using the ‘Role per App’ field in the config.
Once you create the Active Directory service, log out of the DreamFactory Admin App. On the login screen you should now see a ‘Services’ drop-down. If you don’t see it, refresh your browser. From this drop-down, select your newly created Active Directory service. Then click the ‘Login’ button without entering a username and password, and you should be logged in using your Windows username.
Keep in mind that you are now logged into DreamFactory as a non-admin user and therefore won’t be able to see or do much in the DreamFactory Admin App. You can go to your profile page to make sure your profile information is correctly fetched from the Active Directory server. The real benefit of SSO is when you use it for your own application. Here’s an example API call to show you how you can perform SSO from your application:
This is the same API endpoint used for regular authentication. You don’t have to provide the username and password in the POST data, but you do need to include the Active Directory service name in the ‘service’ parameter.
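The request described above, sketched as an added example that is not from the original post or from DreamFactory. It assumes the regular authentication endpoint is `/api/v2/user/session`, that the service name is passed as a query parameter, and that the app runs in a browser able to answer the server's Windows Authentication challenge; the host, service name and API key used with it are constructed.

```javascript
// Added example: endpoint path and parameter placement are assumptions (see lead-in).
const SESSION_PATH = "/api/v2/user/session";

// Build the SSO login request: a POST with no username/password, carrying only
// the Active Directory service name in the 'service' parameter.
function buildSsoLoginRequest(baseUrl, serviceName, apiKey) {
  const url = new URL(SESSION_PATH, baseUrl);
  if (url.protocol !== "https:") {
    throw new Error("refusing to start SSO over a non-HTTPS URL");
  }
  // Restrict the service name to a conservative character set (assumption).
  if (!/^[A-Za-z0-9_-]+$/.test(serviceName)) {
    throw new Error("unexpected characters in service name");
  }
  url.searchParams.set("service", serviceName);
  return {
    url: url.toString(),
    init: {
      method: "POST",
      credentials: "include", // let the browser answer the Windows auth challenge
      headers: { "Content-Type": "application/json", "X-DreamFactory-Api-Key": apiKey },
      body: JSON.stringify({}), // deliberately empty: no credentials in the POST data
    },
  };
}

// Pull the session token out of the login response; fail closed if it is absent.
function extractSessionToken(responseJson) {
  const token = responseJson && responseJson.session_token;
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("login response did not contain a session token");
  }
  return token;
}

// Headers for subsequent API calls made with the SSO session.
function sessionHeaders(token, apiKey) {
  return { "X-DreamFactory-Session-Token": token, "X-DreamFactory-Api-Key": apiKey };
}

// Perform the login and return the headers to attach to later requests.
async function ssoLogin(baseUrl, serviceName, apiKey) {
  const { url, init } = buildSsoLoginRequest(baseUrl, serviceName, apiKey);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`SSO login failed with HTTP ${res.status}`);
  return sessionHeaders(extractSessionToken(await res.json()), apiKey);
}
```

The returned session inherits whatever role the Active Directory service assigns, so the ‘Default Role’ and ‘Role per App’ settings decide what these headers can reach.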
Once you’ve set up your SQL Server by following the steps above, SQL Server Service SSO is very simple. When you provision your SQL Server service in DreamFactory, don’t enter a username and password. Without the username and password in the service configuration, you should be able to access the database that your Windows user has access to using this service.
This blog post briefly explained how to set up Single Sign On (SSO) in DreamFactory by using Windows Authentication. Check out the community forum to discuss this feature or let us know what you think in the comments!
Kevin McGahey is an accomplished solutions engineer and product lead with expertise in API generation, microservices, and legacy system modernization, as demonstrated by his successful track record of facilitating the modernization of legacy databases for numerous public sector organizations.