Differences between revisions of "Domain authentication and SSO"
(→Domain connection) |
(→Domain connection) |
||
Riga 4: | Riga 4: | ||
Domain connection(s) can be managed in General\System\LM Settings with superadmin role. | Domain connection(s) can be managed in General\System\LM Settings with superadmin role. | ||
+ | |||
+ | In tab LDAP Properties is possible to manage a list of domain connection(s) | ||
+ | {| class="wikitable" | ||
+ | ! Field !! Description !! Comment | ||
+ | |||
+ | |- | ||
+ | |<u>Configuration Name</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Host</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>BaseDN</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Server Type</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Active</u> || TBC. || TBC. | ||
+ | |||
+ | |} | ||
+ | |||
+ | By click on button Add New is possible to add a domain connection filling the following properties | ||
+ | {| class="wikitable" | ||
+ | ! Field !! Description !! Comment | ||
+ | |||
+ | |- | ||
+ | |<u>Configuration Name</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Host</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Server Type</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>BaseDN</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Bind User</u> || TBC. || | ||
+ | |||
+ | |- | ||
+ | |<u>Bind Password</u> || TBC. || TBC. | ||
+ | |||
+ | |- | ||
+ | |<u>Active</u> || TBC. || TBC. | ||
+ | |||
+ | |- | ||
+ | |<u>Sample user's login</u> || TBC. || TBC. | ||
+ | |||
+ | |- | ||
+ | |<u>Sample user's password</u> || TBC. || TBC. | ||
+ | |||
+ | |- | ||
+ | |<u>Checked</u> || TBC. || TBC. | ||
+ | |||
+ | |} | ||
+ | |||
+ | A domain connection shall be activable only after it was checked: use button Check to verify it. | ||
+ | At click on button Check: itmSUITE will try to send a request to domain with inserted credentials. | ||
+ | |||
+ | If at least 1 connection is active the users with same login on domain could use domain credentials instead of itmSUITE crdentials. | ||
+ | In this case the authentication follows these steps: | ||
+ | 1. itmSUITE check if login inserted is existing in its DB, otherwise access is not allowed | ||
+ | 2. itmSUITE send a request with pair login, password to domain controller | ||
+ | 3. The domain controller check if the login inserted is existing in domain and if password is correct | ||
+ | 4. If domain controller respose is positive: itmSUITE allows access | ||
+ | 5. If domain controller response is negative: itmSUITE check password on its DB and grants access if check is positive, otherwise access is not allowed | ||
+ | |||
+ | More than one connection to domain(s) can be active at the same time: in this case the above step 2 is executed on each active connction. | ||
== Use of SSO (Single Sign On) == | == Use of SSO (Single Sign On) == | ||
== Sync itmSUITE Users with Domain users == | == Sync itmSUITE Users with Domain users == |
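Review bot: step 5 of the added authentication steps falls back to the password in the itmSUITE DB whenever the domain controller response is negative, and the text does not say whether "negative" also covers a disabled or locked domain account or an unreachable controller. As written, a user whose domain password was changed or whose domain account was disabled is still granted access if the password stored in the itmSUITE DB matches, so the page should state this explicitly and say whether the fallback can be switched off per user or per connection. Separately, every Description cell in both tables is still "TBC.", including Bind Password and Sample user's password; before this revision is treated as documentation, those rows should say how the bind password is stored and whether the sample credentials are kept after Check.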
Revision as of 14:46, 21 March 2016
This page contains detailed information on the configuration of LDAP / NTLM.
Domain connection
Domain connections can be managed in General\System\LM Settings by a user with the superadmin role.
In the LDAP Properties tab it is possible to manage a list of domain connections:
Field | Description | Comment |
---|---|---|
Configuration Name | TBC. | |
Host | TBC. | |
BaseDN | TBC. | |
Server Type | TBC. | |
Active | TBC. | TBC. |
Click the Add New button to add a domain connection by filling in the following properties:
Field | Description | Comment |
---|---|---|
Configuration Name | TBC. | |
Host | TBC. | |
Server Type | TBC. | |
BaseDN | TBC. | |
Bind User | TBC. | |
Bind Password | TBC. | TBC. |
Active | TBC. | TBC. |
Sample user's login | TBC. | TBC. |
Sample user's password | TBC. | TBC. |
Checked | TBC. | TBC. |
A domain connection can be activated only after it has been checked: use the Check button to verify it. When Check is clicked, itmSUITE tries to send a request to the domain with the entered credentials.

If at least one connection is active, users who have the same login on the domain can use their domain credentials instead of their itmSUITE credentials. In this case authentication follows these steps:

1. itmSUITE checks whether the entered login exists in its DB; if it does not, access is not allowed.
2. itmSUITE sends a request with the login and password pair to the domain controller.
3. The domain controller checks whether the entered login exists in the domain and whether the password is correct.
4. If the domain controller response is positive, itmSUITE allows access.
5. If the domain controller response is negative, itmSUITE checks the password against its DB and grants access if the check is positive; otherwise access is not allowed.

More than one connection to domain(s) can be active at the same time: in this case step 2 above is executed on each active connection.
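The decision order in the steps above, modelled as an added example (this is not itmSUITE code). The `DomainConnection` class, the `verify` callable standing in for the domain controller request, the PBKDF2 storage of local passwords, and all sample users are assumptions; the returned source label is what an audit log would need to tell domain logins from step 5 fallbacks.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class DomainConnection:
    name: str
    active: bool
    checked: bool
    verify: Callable[[str, str], bool]  # assumed stand-in for the request to the domain controller


def local_hash(password: str, salt: bytes) -> bytes:
    # Assumption: the page does not say how itmSUITE stores passwords; PBKDF2 is used here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def authenticate(login: str, password: str,
                 local_db: Dict[str, Tuple[bytes, bytes]],
                 connections: List[DomainConnection]) -> Tuple[bool, str]:
    """Return (granted, source); source is meant for the audit log."""
    record = local_db.get(login)
    if record is None:                      # step 1: login must exist locally
        return False, "unknown-login"
    for conn in connections:                # steps 2-4, repeated per active connection
        if conn.active and conn.checked and conn.verify(login, password):
            return True, "domain:" + conn.name
    salt, stored = record                   # step 5: fall back to the local password
    if hmac.compare_digest(local_hash(password, salt), stored):
        return True, "local-fallback"
    return False, "rejected"


# Constructed sample data: two domains and a local DB with one stale local password.
SALT = b"constructed-salt"
LOCAL_DB = {"alice": (SALT, local_hash("old-local-pw", SALT)),
            "bob": (SALT, local_hash("bob-local-pw", SALT))}
CORP = {"alice": "domain-pw", "mallory": "m-pw"}
LAB = {"bob": "lab-pw"}
CONNECTIONS = [
    DomainConnection("CORP", True, True, lambda u, p: CORP.get(u) == p),
    DomainConnection("LAB", True, True, lambda u, p: LAB.get(u) == p),
    DomainConnection("OLD", False, True, lambda u, p: True),  # inactive: never consulted
]

if __name__ == "__main__":
    for user, pw in [("alice", "domain-pw"), ("bob", "lab-pw"),
                     ("alice", "old-local-pw"), ("mallory", "m-pw"), ("alice", "bad")]:
        print(user, authenticate(user, pw, LOCAL_DB, CONNECTIONS))
```

The third call shows why the source label matters: the domain rejects `alice` with her old password, yet step 5 still grants access, so `local-fallback` entries are the ones to review when domain accounts are disabled or their passwords rotated.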