<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:70582818;
mso-list-template-ids:-524782876;}
@list l0:level1
{mso-level-start-at:2;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1
{mso-list-id:385295433;
mso-list-template-ids:-2121508534;}
@list l1:level1
{mso-level-start-at:2;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-start-at:2;
mso-level-number-format:alpha-lower;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2
{mso-list-id:462619326;
mso-list-template-ids:-1487916278;}
@list l3
{mso-list-id:541744480;
mso-list-template-ids:-201686074;}
@list l3:level1
{mso-level-start-at:2;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l4
{mso-list-id:1022828716;
mso-list-template-ids:1573702148;}
@list l5
{mso-list-id:1444497251;
mso-list-type:hybrid;
mso-list-template-ids:1512875412 201916433 201916441 201916443 201916431 201916441 201916443 201916431 201916441 201916443;}
@list l5:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l5:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l5:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l6
{mso-list-id:1600209907;
mso-list-type:hybrid;
mso-list-template-ids:1710918008 201916433 201916441 201916443 201916431 201916441 201916443 201916431 201916441 201916443;}
@list l6:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:32.2pt;
text-indent:-18.0pt;}
@list l6:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l6:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l6:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l6:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l6:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l6:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l6:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l6:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l7
{mso-list-id:1848789132;
mso-list-template-ids:-688987626;}
@list l7:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hi Liglio,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:black">3) The Mapguide configuration I was referring to was the layers, maps, and all the other things you can see and edit with Maestro/studio, as well as user data. This data, typically XML, can be read and written
via REST calls. An example of these rest calls can be accessed via the web tier test page (<a href="http://localhost/mapguide/mapagent/">http://localhost/mapguide/mapagent/</a></span> ). There are also call you can make to retrieve and create users and roles.
By doing this step, I can guarantee that each Mapguide server has the same layers, data, maps, users, etc. Typically I do not touch the serverconfig.ini files.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">6) Rather than creating a Mapguide account for each user, I hand over authentication to the company’s identity management service, typically Azure AD. To do this, you have to first register your Mapguide site as an app within Azure (here
is a video on how to do that <a href="https://youtu.be/YWvl0cIilyA">https://youtu.be/YWvl0cIilyA</a>). Once the app is registered, the user’s login process looks something like this:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt">a) The user goes to the load balancer address (which I will call the Mapguide site from now on) in a browser.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt">b) If the user doesn’t have an auth token, they are redirected to the company’s azure site to login, using their corporate account.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt">c) After successful login, they are redirected back to the Mapguide site.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt">d) Once the user has an auth token, I query active directory to see which group(s) the user is in.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt">e) Based on the user’s group information, I will create a new Mapguide session with the relevant Mapguide access. Typically by using generic Mapguide accounts.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">User sessions are not shared between servers. The sessions are deleted when the user closes their browser, or the server disconnects the user (typically due to timeout settings). Do you have a use case/user story to keep or share the user
session beyond its life?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mark<o:p></o:p></p>
</div>
</div>
</body>
</html>