Windows Authentication
Documentation
home
See also: User Authentication
Windows Authentication is
a user authentication option that is supplied with the system. When activated,
the Windows domain user name is used as the authenticated userid,
and optionally additional information about the user can be extracted from
Active Directory.
Windows Authentication is
configured as shown below using the User Authentication page of the
Server Admin App.
Prerequisites:
- The Verj.io server
must be running within a Windows domain.
- IIS must be used as a front-end web-listener
with users routed to the Verj.io server via the
AJP connector (or similar). The Windows
Authentication option within IIS must be selected.
Options/Buttons
- Test
Windows Domain User: This
button extracts the Windows user name of the signed on user and reports
it. If this test fails to return a user name, the prerequisites listed
above have not been correctly implemented.
- Allow
Non-Windows Users: when this
option is selected, users will be allowed access to the system even when a
Windows user name cannot be found. Typically you would select this option
if you wanted to mix both public and intranet users in the same system.
You could then limit access to internal administration forms based on
whether or not the user was signed on ( system.securityManager.isUserLoggedOn() ) or
whether they have certain roles ( system.securityManager.hasRole(roleName) ). When this option is not selected, only
valid Windows users will have access.
The
following options require that LDAP parameters are configured to connect to the
Active Directory server. This is done using the Security Properties page of the
Server Admin App. Caution!: the connection to Active Directory should be tested
before activating the options below.
- Test
Active Directory Search: This
button performs an Active Directory search using the currently signed on
user name, and reports a list of A/D groups found for the user. If this
test is successful the two options below can be safely activated. If the
test fails because of connection problems to A/D, the LDAP connection
parameters should be revisited on the Security Properties page of
the Server Admin App .
- Automatically
populate roles from AD: when
this option is selected, the system will connect to Active Directory and
extract all AD groups. A role is
created for each AD group. Roles can be checked by an application using:
system.securityManager.hasRole(roleName)
- Automatically
populate credentials from AD:
when this option is selected, the system will connect to Active Directory
and extract the named attributes and create a credential for each
attribute. Credentials can be checked by an application using:
system.securityManager.getCredential(credentialName)