Portal or Federated Authentication
This topic provides information on the overview and installation of Portal Authentication.
Portal Authentication Overview
The Portal Authentication method provides EMS Web App single sign-on capability using your organization’s portal (e.g., CAS, Shibboleth, SiteMinder, Plumtree, uPortal, etc.). When a user who is logged into your portal accesses EMS Web App, a predefined user-specific variable (e.g., email address, employee/student ID, network ID, etc.) captured by your portal/sign-on page is compared against corresponding information recorded in the Network ID and/or External Reference fields of your EMS Everyday User records. If a match exists, the Everyday User will be automatically logged-into EMS Web App.
The Field Used to Authenticate Everyday User parameter (within System Administration > Settings > Parameters > Everyday User Applications tab) is used by EMS Web App to determine which value should be used for authentication.
Several built-in authentication methods to pass-in credentials are available including:
- Server Variable (Header Variable)
- Session
- Form
- Cookie
- Query String
- Federated (SAML)
Installation/Configuration
- Within the Everyday User Applications parameters area of EMS (System Administration > Settings > Parameters (Everyday User Applications tab), set the following parameters:
Area |
Description |
Value |
---|---|---|
Authentication |
Portal Authentication Cookie Key |
Required if Portal Authentication Method = Cookie |
Authentication |
Portal Authentication Method |
Server Variable Session Form Cookie Query String |
Authentication |
Portal Authentication Variable |
User variable to be compared against the EMS Everyday User External Reference/Network ID field |
- Direct users to the default EMS Web App page. If the default installation settings were used, the default page is:
(http://[ServerName]/EMSWebApp/Default.aspx)
(replace [ServerName] with the name of your web server)
Redirect User Log In to Your SSO Provider
Administrators can hide the login form on the My Home page and instead, present a single Sign In button that links to the override URL. Open the web.config file and locate the following code to customize the redirect:
<!--<add key="loginOverrideUrl" value=""/>-->
Additionally, you can do the same for user log out:
<!--<add key="logoutOverrideUrl" value=""/>-->
Changing the URL in these areas means that when users log in or out, they will pass through your SSO provider.
Specify a Different Default Home Page for Guest Users
Additionally, you can now specify a different site home page for unauthenticated users.