Portal or Federated Authentication

This topic provides information on the overview and installation of Portal Authentication.

ClosedPortal Authentication Overview 

The Portal Authentication method provides EMS Web App single sign-on capability using your organization’s portal (e.g., CAS, Shibboleth, SiteMinder, Plumtree, uPortal, etc.). When a user who is logged into your portal accesses EMS Web App, a predefined user-specific variable (e.g., email address, employee/student ID, network ID, etc.) captured by your portal/sign-on page is compared against corresponding information recorded in the Network ID and/or External Reference fields of your EMS Everyday User records. If a match exists, the Everyday User will be automatically logged-into EMS Web App.

The Field Used to Authenticate Everyday User parameter (within System Administration > SettingsParameters > Everyday User Applications tab) is used by EMS Web App to determine which value should be used for authentication.

Several built-in authentication methods to pass-in credentials are available including:

  • Server Variable (Header Variable)
  • Session
  • Form
  • Cookie
  • Query String
  • Federated (SAML)

ClosedInstallation/Configuration 

  1. Within the Everyday User Applications parameters area of EMS (System Administration > SettingsParameters (Everyday User Applications tab), set the following parameters:

Area

Description

Value

Authentication

Portal Authentication Cookie Key

Required if Portal Authentication Method = Cookie

Authentication

Portal Authentication Method

Server Variable

Session

Form

Cookie

Query String

Authentication

Portal Authentication Variable

User variable to be compared against the EMS Everyday User External Reference/Network ID field

  1. Direct users to the default EMS Web App page. If the default installation settings were used, the default page is:

    (http://[ServerName]/EMSWebApp/Default.aspx)
    (replace [ServerName] with the name of your web server)

Redirect User Log In to Your SSO Provider

Administrators can hide the login form on the My Home page and instead, present a single Sign In button that links to the override URL. Open the web.config file and locate the following code to customize the redirect:

<!--<add key="loginOverrideUrl" value=""/>-->
Additionally, you can do the same for user log out:
<!--<add key="logoutOverrideUrl" value=""/>-->
Changing the URL in these areas means that when users log in or out, they will pass through your SSO provider.

Specify a Different Default Home Page for Guest Users

Additionally, you can now specify a different site home page for unauthenticated users.