Portal Authentication Methods

This topic provides information about:

EMS applications do not natively support SAML. You must use our Portal Authentication to use SAML.

ClosedServer Variable Method (Header Variable)

Server Variable/Header Variable is a collection of variables that are set by Internet Information Server (IIS). 

Applications like SiteMinder create custom server variables for portal site use.

Set the Portal Authentication Method parameter to Server Variable and type the appropriate variable for the Portal Authentication Variable parameter. Direct users to your EMS Web App Default.aspx page.

ClosedServer Variable Method – Federated (SAML)

As of Update 23 (March 2018), SAML authentication for the EMS Web App is supported through EMS Platform Services. We recommend this method for configuring SAML.

SAML can be leveraged for authentication with your EMS applications by leveraging our portal authentication method and a service provider of your choosing.

Method 1: Locally installed Service Provider

Using this method, you install a service provider of choice on the webserver hosting the EMS web applications. All traffic is routed through that service provider (typically via an ISAPI filter). This service provider will manage all of the authentication for the user. Once the user has successfully authenticated, it will pass an identifier for the user to the EMS application using one of our portal methods. In this scenario typically the Server Variable (Header) method is used.

Method 1 Configuration Steps

  1. Install and configure a service provider on the EMS web server
  2. Set the service provider to protect the specified EMS web applications
  3. Configure the service provider to pass the required user attributes
  4. In EMS Desktop Client, configure the EMS Web App parameter “Portal Authentication Method”
  5. In EMS Desktop Client configure the applicable Portal Authentication Variables.

Method 2

This method can be common if there is already a server configured with a service provider in your environment, handling authentication for other applications. In EMS Desktop Client, you can configure your application to re-direct any login requests to the other server to be authenticated. Once the user is authenticated, the server with your service provider installed sends the user back to the EMS Desktop Client with an identifier for the user in the header, or within a cookie. The EMS application reads this header, or cookie value, and leverages portal authentication to sign the user in with the matched credentials.

Method 2 Configuration Steps

  1. Install and configure a service provider on the EMS web server
  2. Set the service provider to protect the specified EMS web applications
  3. Configure the service provider to pass the required user attributes
  4. In EMS Desktop Client configure the EMS Web App parameter “Portal Authentication Method”
  5. In EMS EMS Desktop Client, configure the applicable Portal Authentication Variables.
  6. In EMS EMS Desktop Client, change the Login URL under Configuration > Everyday User Applications > Web App Menus.
    1. Select Login.aspx and click Edit
    2. Enter in the URL to your Remote Service Provider
  7. Configure your remote Service provider to send the user back to the default.aspx page of the web application that the request originated from.

ClosedEMS Desktop Client Configuration

Reference our Portal Authentication section for further details about the configuration required within EMS. There are many options available. You will need to know the method that the user identifying value will be passed and the name of that value. Other values can also be passed (for example, email address and phone number) to aid in automatic web user account provisioning.

Session Method

A session is a way to provide/maintain user state information in an inherently stateless environment.  It provides access to a session-wide cache you can use to store information.

To use the session method, set the Portal Authentication Method parameter to Session and type the appropriate variable for the Portal Authentication Variable parameter.  Then create an asp.net web page and name it with the .aspx extension similar to the example below.  The asp.net web page created must be copied into the EMS Web App root web directory.  It must be copied there for EMS Web App to read the session variable.

You will need to pass through the user’s email address or external reference to your asp.net web page.

Code example in vb.net:

<%@ Import Namespace="System" %>
<script runat="server" language="vb">
            Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs)
                        Session.Item("EMS Web AppSession") = "test@emssoftware.com"
                        Response.Redirect("Default.aspx")
            End Sub
</script>

Form Method

Forms enable client-side users to submit data to a server in a standardized format via HTML. The creator of a form designs the form to collect the required data using a variety of controls, such as INPUT or SELECT. Users viewing the form fill in the data and then click Submit to send the data to the server.

To use the form method, set the Portal Authentication Method parameter to Form and type the appropriate variable for the Portal Authentication Variable parameter.  To create portals through a form, create a web page with a form similar to below.  Once the user logs on through the portal, the form below can be submitted to log the user on to EMS Web App.

Code example in HTML:

            <Form name="form1" method="Post" action=" http://[ServerName]/ EMSWebApp/Default.aspx ">

                        <input type="hidden" id="EMS Web AppFORM" name="EMS Web AppFORM" value="test@emssoftware.com>

                        <input type="submit" value="submit">

</form>

Cookie Method

A cookie is a small piece of information stored by the browser. Each cookie is stored in a name/value pair called a crumb—that is, if the cookie name is "id" and you want to save the id's value as "this", the cookie would be saved as id=this.

You can store up to 20 name/value pairs in a cookie, and the cookie is always returned as a string of all the cookies that apply to the page.  This means that you must parse the string returned to find the values of individual cookies.  Cookies accumulate each time the property is set.  If you try to set more than one cookie with a single call to the property, only the first cookie in the list will be retained.

To use the cookie method, set the Portal Authentication Method parameter to Cookie and type the appropriate variable for the Portal Authentication Cookie Key parameter.  Then create a web page with code similar to below.  Once the user logs on through the portal, take their user logon information and create a cookie.  After the cookie is created send the user to your EMS Web App Default.aspx page.

Code example in Active Server Pages 2.0:

<%@LANGUAGE="VBSCRIPT" %>

<%

            Response.Expires = -1

            Response.Cookies("EMS Web AppCookie")("CookVal") = "test@emssoftware.com"

            Response.Cookies("EMS Web AppCookie").Path = "/"

            Response.Cookies("EMS Web AppCookie").Expires = DateAdd("m", 3, Now)

            Response.Redirect("http://[ServerName]/ EMSWebApp/Default.aspx ")

%>

Query String Method

A query string is information appended to the end of a page's URL.  An example using portal authentication is below.

Code example:

              http://[ServerName]/ EMSWebApp/Default.aspx?MCQS=test@emssoftware.com

To use the query string method, set the Portal Authentication Method parameter to Query String and type the appropriate variable for the Portal Authentication Variable parameter.