The following customization keys must be configured in order to enable remote authentication (RemoteAuth) for ILLiad. All keys are located in the ILLiad Customization Manager under Web Interface | Authentication, with the exception of UseLegacyRemoteAuthHandling which is located under System | System:
RemoteAuthSupport |
Determines if RemoteAuth is being used by one of the web directories. Set this key to Yes to enable RemoteAuth for the web directory configured in the RemoteAuthWebPath key. Example: Yes or No When this key is set to Yes, the WebAuthType customization key should be set to RemoteAuth.
|
---|---|
RemoteAuthUserVariable |
The name of the server variable containing the ILLiad username that is sent from the authenticating server. Example: HTTP_REMOTE_USER The RemoteAuthUserVariable key is only applicable to ILLiad 9.0 and any previous versions. ILLiad 9.1 has replaced this key and added a Username entry to RemoteAuthValidation table. See Authentication Enhancements for more information.
|
RemoteAuthWebLogoutURL | The URL to send a user to after logging out of an ILLiad web directory controlled by remote authentication. Example: http://www.abc.edu/logout or logon2.html |
RemoteAuthWebPath | The web directory containing the ILLiad web files and DLL controlled by remote authentication. Example: C:\inetpub\wwwroot\illremoteauth |
WebAuthType | Tells ILLiad which type of authentication is being used for web users. The value of this key should be set to RemoteAuth. |
UseLegacyRemoteAuthHandling |
When set to Yes, ILLiad will retrieve remote authentication fields from HTTP headers in addition to server variables. If you are configuring remote authentication using the ILLiad integrated SAML module, please ensure this key is set to No.
|
Dual Authentication Support
You can enable RemoteAuth for a particular web directory while still keeping a separate web directory for users to register themselves via Basic ILLiad authentication. To configure dual authentication support, the RemoteAuthWebPath key should be set to the directory controlled by remote authentication while the WebPath key (located under Web Interface | System | WebPath) should be set to the directory not controlled by remote authentication. When the RemoteAuthSupport key is set to Yes to enable remote authentication, ILLiad will check the directory accessed by the web user and determine if that user should be authenticated remotely or by ILLiad.
Preventing Password Expiration Prompts for RemoteAuth Users
The release of ILLiad 9.0 introduced new options for enabling password expiration for ILLiad users. To prevent the password expiration prompts from displaying for RemoteAuth users when RemoteAuth is enabled for ILLiad (i.e., when the RemoteAuthSupport key is set to Yes), the WebAuthType key must be set to RemoteAuth in the ILLiad Customization Manager as described above. If the WebAuthType key is not set to RemoteAuth, users who have authenticated remotely will still be prompted to change their password once the expiration date is reached.
User Clearance Options
For RemoteAuth authentication, users who validate against the authenticating server can be cleared automatically by setting the AutoClearPreregisteredUsers customization key to Yes in the Customization Manager (located under Web Interface | Authentication). If that key is set to Yes, those pre-cleared users can be sent a welcome email by turning on the AutoClearSendEMail key to Yes in the Customization Manager (also located under Web Interface | Authentication). The email template, autoclearcust.txt, can be edited in the Customization Manager on the Notification Templates tab by selecting the Auto Cleared User template from the Edit button.