RemoteAuth: Customizing Settings

Print Friendly and PDF Follow

The following customization keys must be configured in order to enable remote authentication (RemoteAuth) for ILLiad. All keys are located in the ILLiad Customization Manager under Web Interface | Authentication, with the exception of UseLegacyRemoteAuthHandling which is located under System | System:

RemoteAuthSupport

Determines if RemoteAuth is being used by one of the web directories. Set this key to Yes to enable RemoteAuth for the web directory configured in the RemoteAuthWebPath key. Example: Yes or No

When this key is set to Yes, the WebAuthType customization key should be set to RemoteAuth
RemoteAuthUserVariable

The name of the server variable containing the ILLiad username that is sent from the authenticating server. Example: HTTP_REMOTE_USER

The RemoteAuthUserVariable key is only applicable to ILLiad 9.0 and any previous versions. ILLiad 9.1 has replaced this key and added a Username entry to RemoteAuthValidation table. See Authentication Enhancements for more information.
RemoteAuthWebLogoutURL The URL to send a user to after logging out of an ILLiad web directory controlled by remote authentication. Example: http://www.abc.edu/logout or logon2.html
RemoteAuthWebPath The web directory containing the ILLiad web files and DLL controlled by remote authentication. Example: C:\inetpub\wwwroot\illremoteauth
WebAuthType Tells ILLiad which type of authentication is being used for web users. The value of this key should be set to RemoteAuth
UseLegacyRemoteAuthHandling

When set to Yes, ILLiad will retrieve remote authentication fields from HTTP headers in addition to server variables.

If you are configuring remote authentication using the ILLiad integrated SAML module, please ensure this key is set to No

Dual Authentication Support

You can enable RemoteAuth for a particular web directory while still keeping a separate web directory for users to register themselves via Basic ILLiad authentication. To configure dual authentication support, the RemoteAuthWebPath key should be set to the directory controlled by remote authentication while the WebPath key (located under Web Interface | System | WebPath) should be set to the directory not controlled by remote authentication. When the RemoteAuthSupport key is set to Yes to enable remote authentication, ILLiad will check the directory accessed by the web user and determine if that user should be authenticated remotely or by ILLiad.

Preventing Password Expiration Prompts for RemoteAuth Users

The release of ILLiad 9.0 introduced new options for enabling password expiration for ILLiad users. To prevent the password expiration prompts from displaying for RemoteAuth users when RemoteAuth is enabled for ILLiad (i.e., when the RemoteAuthSupport key is set to Yes), the WebAuthType key must be set to RemoteAuth in the ILLiad Customization Manager as described above. If the WebAuthType key is not set to RemoteAuth, users who have authenticated remotely will still be prompted to change their password once the expiration date is reached. 

User Clearance Options

For RemoteAuth authentication, users who validate against the authenticating server can be cleared automatically by setting the AutoClearPreregisteredUsers customization key to Yes in the Customization Manager (located under Web Interface | Authentication). If that key is set to Yes, those pre-cleared users can be sent a welcome email by turning on the AutoClearSendEMail key to Yes in the Customization Manager (also located under Web Interface | Authentication). The email template, autoclearcust.txt, can be edited in the Customization Manager on the Notification Templates tab by selecting the Auto Cleared User template from the Edit button. 

NotificationTemplate.jpg

 

Questions?

If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support