Differences between revisions of "Domain authentication and SSO"
Line 1: | Line 1: | ||
Domain connection(s) can be managed in General\System\LM Settings with superadmin role. | Domain connection(s) can be managed in General\System\LM Settings with superadmin role. | ||
− | In tab LDAP Properties is possible to manage a list of domain connection(s). | + | In tab <u>''LDAP Properties''</u> is possible to manage a list of domain connection(s). |
− | Is possile to define connection(s) related to differente domain(s) or to same domain but with different BaseDN. | + | Is possile to define connection(s) related to differente domain(s) or to same domain but with different ''[[glossary|BaseDN]]''. |
{| class="wikitable" | {| class="wikitable" | ||
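Review bot: the + line for the BaseDN sentence still carries the typos "possile" and "differente" from the - line; since this revision already touches that line to add the `[[glossary|BaseDN]]` link, correct them to "possible" and "different" in the same edit.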
Line 24: | Line 24: | ||
|} | |} | ||
− | By click on button Add New is possible to add a domain connection filling the following properties | + | By click on button '''Add New''' is possible to add a domain connection by filling the following properties |
+ | |||
{| class="wikitable" | {| class="wikitable" | ||
! Field !! Description !! Comment | ! Field !! Description !! Comment | ||
Line 60: | Line 61: | ||
|} | |} | ||
− | A domain connection shall be activable only after it was checked: use button Check to verify it. | + | A domain connection shall be activable only after it was checked: use button '''Check''' to verify it. |
− | At click on button Check: itmSUITE will | + | At click on button '''Check''': ''[[glossary|itmSUITE]]'' will send a request to domain with inserted credentials. |
− | If at least 1 connection is active the | + | If at least 1 connection is active the ''[[user|itmSUITE]]'' with same login on domain could use domain credentials instead of ''[[user|itmSUITE]]'' credentials. |
In this case the authentication follows these steps: | In this case the authentication follows these steps: | ||
− | * 1. itmSUITE checks if login inserted is existing in its DB, otherwise access is not allowed | + | * 1. ''[[glossary|itmSUITE]]'' checks if login inserted is existing in its DB, otherwise access is not allowed. |
− | * 2. itmSUITE sends a request with pair login, password to domain controller | + | * 2. ''[[glossary|itmSUITE]]'' sends a request with pair login, password to domain controller. |
− | * 3. The domain controller checks if the login inserted is existing in domain and if password is correct | + | * 3. The domain controller checks if the login inserted is existing in domain and if password is correct. |
− | * 4. If domain controller response is positive: itmSUITE allows access | + | * 4. If domain controller response is positive: ''[[glossary|itmSUITE]]'' allows access. |
− | * 5. If domain controller response is negative: itmSUITE | + | * 5. If domain controller response is negative: ''[[glossary|itmSUITE]]'' checks password on its DB and grants access if check is positive, otherwise access is not allowed. |
More than one connection to domain(s) can be active at the same time: in this case the above step 2 is executed on each active connection. | More than one connection to domain(s) can be active at the same time: in this case the above step 2 is executed on each active connection. |
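Review bot: step 5 in the + lines says a negative domain controller response falls through to the password check on the itmSUITE DB, so a login the domain has rejected can still be admitted with the local password; the text should state whether that is intended for every kind of negative response and where the local password is managed. Separately, in the "If at least 1 connection is active" + line the link `[[user|itmSUITE]]` renders as "itmSUITE", so the sentence reads "the itmSUITE with same login"; the label probably needs to be "itmSUITE user".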
Revision as of 15:06, 21 March 2016
Domain connection(s) can be managed in General\System\LM Settings with the superadmin role.
The LDAP Properties tab lets you manage a list of domain connection(s). Connections can be defined for different domains, or for the same domain with a different BaseDN.
Field | Description | Comment |
---|---|---|
Configuration Name | TBC. | |
Host | TBC. | |
BaseDN | TBC. | |
Server Type | TBC. | |
Active | TBC. | TBC. |
Click the Add New button to add a domain connection by filling in the following properties:
Field | Description | Comment |
---|---|---|
Configuration Name | TBC. | |
Host | TBC. | |
Server Type | TBC. | |
BaseDN | TBC. | |
Bind User | TBC. | |
Bind Password | TBC. | TBC. |
Active | TBC. | TBC. |
Sample user's login | TBC. | TBC. |
Sample user's password | TBC. | TBC. |
Checked | TBC. | TBC. |
A domain connection can be activated only after it has been checked: use the Check button to verify it.
When the Check button is clicked, itmSUITE sends a request to the domain with the entered credentials.
If at least one connection is active, itmSUITE users with the same login on the domain can use their domain credentials instead of their itmSUITE credentials.
In this case the authentication follows these steps:
- 1. itmSUITE checks whether the entered login exists in its DB; if not, access is not allowed.
- 2. itmSUITE sends a request with the login and password pair to the domain controller.
- 3. The domain controller checks whether the entered login exists in the domain and whether the password is correct.
- 4. If the domain controller's response is positive, itmSUITE allows access.
- 5. If the domain controller's response is negative, itmSUITE checks the password against its own DB and grants access if the check is positive; otherwise access is not allowed.
More than one connection to domain(s) can be active at the same time: in this case the above step 2 is executed on each active connection.
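
The decision flow in steps 1 to 5, including the multi-connection case, modelled as an added example (this is not itmSUITE code). Assumptions: each domain connection is a hypothetical callable standing in for the request to the domain controller, the first positive response grants access, the local password is stored as a PBKDF2 hash, and all names and sample data are constructed. The function also returns which source accepted the login, which is the detail an audit log needs in order to tell a domain login from a local fallback.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Connection:
    name: str
    active: bool
    # Hypothetical stand-in for the request to the domain controller:
    # returns True when the domain accepts (login, password).
    check: Callable[[str, str], bool]

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed local storage scheme; the page does not describe the real one.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(login: str, password: str,
                 local_db: Dict[str, Tuple[bytes, bytes]],
                 connections: List[Connection]) -> Tuple[bool, str]:
    # Step 1: the login must exist in the local DB, whatever the domain says.
    record = local_db.get(login)
    if record is None:
        return False, "unknown-login"
    # Steps 2-4: ask every active connection; inactive ones are never consulted.
    for conn in connections:
        if conn.active and conn.check(login, password):
            return True, "domain:" + conn.name
    # Step 5: every domain response was negative, fall back to the local password.
    salt, stored = record
    if hmac.compare_digest(hash_password(password, salt), stored):
        return True, "local"
    return False, "rejected"

# Constructed sample data.
SALT = b"constructed-salt"
LOCAL_DB = {"alice": (SALT, hash_password("local-pw", SALT))}
DOMAIN_USERS = {"alice": "domain-pw", "bob": "bob-pw"}
CONNECTIONS = [
    Connection("corp-a", True, lambda l, p: False),
    Connection("corp-b", True, lambda l, p: DOMAIN_USERS.get(l) == p),
    Connection("corp-c", False, lambda l, p: True),  # inactive, must be skipped
]

if __name__ == "__main__":
    for login, pw in [("alice", "domain-pw"), ("alice", "local-pw"),
                      ("alice", "wrong"), ("bob", "bob-pw")]:
        print(login, pw, authenticate(login, pw, LOCAL_DB, CONNECTIONS))
```

The second sample case is the one to watch in logs: the domain rejected the password, yet access was granted from the local DB.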