Transparent Logon Administrators Guide

Transparent Logon provides a simple, straightforward and secure way of allowing your users to access JD Edwards without having to enter a password, provided they are an active and authenticated user in your Windows domain.

Technical Concept

Transparent Logon Concept

Transparent Logon installs a webserver for each environment it needs to serve. Each server runs as a separate instance on the same machine, on its own port.

  1. Your users log on to their Windows account.
  2. As a result, their machine gets a token from the domain server.
  3. When users want to access the JD Edwards webserver, they navigate to the Transparent Logon URL instead of the JD Edwards URL.
  4. Transparent Logon inspects the token to assess whether the user is an active user in the domain and has access to the resource it requests.
  5. The token is verified with the domain server.
  6. Transparent Logon correlates the Windows user ID with a JD Edwards user ID, resets the password and establishes a session with JD Edwards.
  7. The traffic is redirected and the Transparent Logon server removes itself from between the user and the JD Edwards server.
  8. The user now has a session with the JD Edwards server (or AIS server or DAS server).

Transparent Logon URLs

Once you install a Transparent Logon server, you can create separate server instances to serve your environments. The URL your users use on this server defines the action Transparent Logon takes.

Administrator Access

Syntax:

<TLServer>:443

When you access the root of your server on port 443 (https), the administrative back end opens. Make sure to restrict access to the panel by setting the correct Windows group.

User Access

Syntax:

<TLServer>:<Port>/<url>

Your users will use any of the following URLs when interacting with Transparent Logon (or rather with JD Edwards resources, as they will never interact with the TL server directly):

  • /jde:
    When navigating to /jde, TL will navigate to the JD Edwards logon screen (of the server served by this instance of TL) and automatically try to log on. When that is not possible (due to a missing cross reference, for instance) it will simply present the logon screen.
    When one Windows user has multiple JD Edwards users associated, TL will first prompt for the JD Edwards user to use.
  • /das:
    Identical to the above, but now TL will create a user session in DAS’s Reports Now.
  • /studio:
    Identical to the above, but now TL will create a user session in the Orchestrator Studio (as of Tools release 9.3.4).
  • /email:
    TL will now reset the JD Edwards password of the user ID correlated to the Windows user ID and send a reset mail to the user.
    This requires correct setup of the email section and the existence of an email address in the cross reference database.
  • /rest:
    Used for token requests and API calls into JD Edwards.
  • /whoami:
    Used to check the JD Edwards user ID(s) correlated to your Windows username.
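
The outcomes described for these URLs can be predicted from the cross reference data before users are pointed at Transparent Logon. The following Python script is an added example, not part of the product: the row layout, the sample accounts and the case-insensitive matching of Windows user names are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class XrefEntry:            # assumed row layout, not the product's schema
    windows_user: str
    jde_user: str
    email: str = ""

# Constructed sample cross reference rows
XREF = [
    XrefEntry("CORP\\asmith", "ASMITH", "asmith@example.com"),
    XrefEntry("CORP\\bjones", "BJONES"),                      # no email on file
    XrefEntry("corp\\cadmin", "CADMIN", "cadmin@example.com"),
    XrefEntry("CORP\\cadmin", "JDEOPS", "cadmin@example.com"),
]

def index_xref(xref):
    """Group rows by Windows user (assumption: matching ignores case)."""
    by_user = defaultdict(list)
    for row in xref:
        by_user[row.windows_user.casefold()].append(row)
    return by_user

def expected_outcome(windows_user, by_user):
    """Predict what /jde, /das or /studio will do for this Windows user."""
    rows = by_user.get(windows_user.casefold(), [])
    if not rows:
        session = "logon_screen"          # missing cross reference
    elif len(rows) == 1:
        session = "auto_logon"
    else:
        session = "prompt_for_jde_user"   # several JD Edwards users mapped
    return {
        "session": session,
        "whoami": sorted(r.jde_user for r in rows),      # what /whoami lists
        "missing_email": sorted(r.jde_user for r in rows if not r.email),
    }

def audit(windows_users, xref=XREF):
    """Return only the users an administrator should review before rollout."""
    by_user = index_xref(xref)
    findings = {}
    for user in windows_users:
        result = expected_outcome(user, by_user)
        if result["session"] != "auto_logon" or result["missing_email"]:
            findings[user] = result
    return findings

if __name__ == "__main__":
    users = ["CORP\\asmith", "CORP\\bjones", "CORP\\cadmin", "CORP\\dlee"]
    for user, result in audit(users).items():
        print(user, result)
```

Windows users mapped to several JD Edwards users deserve a review, since a single Windows logon then offers a choice of JD Edwards identities. Entries listed under missing_email cannot receive the reset mail sent by /email.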
