Trusted Login for the Web Application

The Trusted Login feature for the Web application allows users to access the Web application without having to enter their login credentials. When an external client that has been configured as a trusted host enters the Web URL, authentication is performed using the request header variable. If authentication is successful, the user will automatically be logged in. If authentication is unsuccessful, an error page will display.

See:

How Users are Authenticated

Trusted Login Configuration

How Users are Authenticated

When a request comes from an external client that is in the list of trusted hosts, the value of the HTTP request header sent by that client (the header whose name is configured for trusted login) is compared against the Login Name in the Employee table. The Login Name is used to determine the user's Employee. If the Employee is valid (i.e., it belongs to an active record), the user is automatically logged in and the Web menu displays. If the Employee is not valid, an error page will display.

Trusted Login Configuration

In order for a user to be authenticated successfully when attempting to access the Web application, the following pre-requisites must be met:

  1. The trusted_hosts setting value in the Application Settings form must include the external host's IP address or host name. If you are using a proxy server, the IP Address or Host Name of the Proxy Server must also be listed in the trusted_hosts setting value.

  2. The auth_kaba_user setting value in the Application Settings form must reflect the header name that contains the login name value.

  3. The person attempting to log in must have a unique Employee and Login Name in the Employee form.

  4. The value that the requesting client sends in the HTTP header named by auth_kaba_user must correspond with the user's Login Name in the Employee form. This applies to the external client configuration.

  5. The target URL that is linked to from an external system must be in the following format:

    http://[HOSTNAME]:[PORT]/autotime/main/trustedlogin.faces

If authentication fails, an error page will display. If you want to use an error page other than the default, you can configure it on the Application Settings form. See "Configuration Steps" below.

CONFIGURATION STEPS

Configure the Application Settings (pre-requisites 1-2):

  1. Click Main Menu > Configuration > System > Application.

  2. Click the Application Settings tab to select it.

  3. Select the trusted_hosts setting for WEB and click Modify.

  4. In the Setting Value field, enter a comma-separated list of host names or IP addresses. This list represents the clients that will use trusted login for the Web application.

  5. Click Save.

    Note: If you are using a proxy server, the IP Address or Host Name of the Proxy Server must also be listed in the trusted_hosts setting value.

  6. Select the auth_kaba_user setting for WEB and click Modify.

  7. In the Setting Value field, enter the header name that will have the login name value. The header name is sent by the requesting client. The header value will be used to determine who the user is.

  8. Click Save.

Make sure the Web user has an Employee Num and Login Name (pre-requisite 3):

  1. Click Main Menu > Employee Management > Employee.

  2. Each person record has a Login Name value. Use the horizontal scrollbar to view the Login Name and check if there is a value.

To add a new record, click Add on the Employee form or use the Import feature.

Configure the error page (optional)

When authentication fails for a user, a default error page will display. To use an error page other than the default:

  1. Click Main Menu > Configuration > System > Application.

  2. Click the Application Settings tab to select it.

  3. Select the auth_error_url setting for WEB and click Modify.

  4. Enter the URL of the page you want to display if user authentication fails.

  5. Click Save.

The configuration is now complete. The table below displays the settings that are configured on the Application Settings form for trusted login with the Web application:

Setting Type: auth_error_url

Details: The setting value field represents the page that will display when:

  • The requesting client does not send a header name value that is listed in the auth_kaba_user setting value.

    -or-

  • Authentication for trusted login is not successful. For example, the header value of the header name in the HTTP header variable sent by the requesting client does not correspond with any Login Names on the Employee form.

Setting Value (Example): http://www.google.com/


Setting Type: auth_kaba_user

Details: Identifies the header variable that has the login name which is used to determine who the user is and automatically authenticate them.

Note: Multiple values must be comma separated.

Setting Value (Example): abcd_login_name


Setting Type: trusted_hosts

Details: Lists the external clients that are using trusted login to access the Web application.

Note: Multiple values must be comma separated.

Setting Value (Example): hostname,1.2.3.4
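
The decision flow described under "How Users are Authenticated", modelled in Python as an added example; it is not the product's code. The setting values are the examples from the table above, while the Employee rows, the function names and the exact-match comparison of login names are assumptions made for the illustration.

```python
# Added illustration: a model of the documented decision flow, not the product's code.
from dataclasses import dataclass

# Setting values taken from the page's example table.
SETTINGS = {
    "trusted_hosts": "hostname,1.2.3.4",
    "auth_kaba_user": "abcd_login_name",
    "auth_error_url": "http://www.google.com/",
}

@dataclass
class Employee:
    login_name: str
    active: bool

# Constructed sample rows standing in for the Employee table.
EMPLOYEES = [Employee("jsmith", True), Employee("mlee", False)]

def split_setting(value):
    """Split a comma-separated setting value, dropping blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]

def trusted_login(remote_addr, remote_host, headers,
                  settings=SETTINGS, employees=EMPLOYEES):
    """Return ("login", login_name) or ("error", auth_error_url)."""
    error = ("error", settings["auth_error_url"])
    trusted = {h.lower() for h in split_setting(settings["trusted_hosts"])}
    # Prerequisite 1: the requester's IP address or host name must be listed.
    if remote_addr not in trusted and (remote_host or "").lower() not in trusted:
        return error
    # HTTP header names are case-insensitive, so compare them lower-cased.
    sent = {name.lower(): value.strip() for name, value in headers.items()}
    # Prerequisite 2: the login name is read from a header named in auth_kaba_user.
    names = split_setting(settings["auth_kaba_user"])
    login = next((sent[n.lower()] for n in names if sent.get(n.lower())), None)
    if login is None:
        return error
    # Prerequisites 3-4: exactly one active Employee must carry that Login Name
    # (exact, case-sensitive comparison is an assumption of this model).
    matches = [e for e in employees if e.login_name == login and e.active]
    return ("login", login) if len(matches) == 1 else error
```

In this model the trusted_hosts match is the only check on who may assert a login name, so the list is worth keeping to the specific clients that need it.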