Aeon offers a variety of methods to authenticate patrons of the system. Some of these methods require external systems or authenticating servers; details on those requirements are within each section below. In all authentication methods, the username must be unique across the entire database and any passwords stored are one-way encrypted so that staff or database administrators cannot know the users' passwords. The authentication type is set using the WebAuthType customization key in the Aeon Customization Manager. Standard Aeon authentication sets the user's AuthType (Users.AuthType) to Aeon, while all other authentications set the AuthType to Default.
Concepts Common to All Authentication Methods
While each authentication method has some special features to it, there are some concepts that are common to all authentication methods in Aeon. Usernames must be unique across the database. Passwords stored by Aeon are one-way encrypted and cannot be revealed to staff or customers if forgotten. Some authentication methods such as LDAP and RemoteAuth do not store the user's password in the database, but those that do encrypt it so that it cannot be reversed to the plain text version and only compared to what the user enters at login.
Regardless of the pre-registering or authenticating system, all users can be blocked and/or disavowed by staff in the Aeon Desktop Client or Aeon Web Client. Aeon checks for the user's cleared status last before attempting to display the web interface home page or a request form.
Users who do not register via the Aeon web interface can be added by staff in the Aeon Desktop Client or Aeon Web Client. This allows staff to accept exclusive authentication methods such as LDAP, PatronAPI Exclusive, Aeon Exclusive, etc as defined by the WebAuthType key or to override the default value and assign a value of Aeon by checking the Aeon Authentication checkbox to select Standard Aeon authentication.