The Trusted Login feature for the Web application allows users to access the Web application without having to enter their login credentials. When an external client that has been configured as a trusted host enters the Web URL, authentication is performed using the request header variable. If authentication is successful, the user will automatically be logged in. If authentication is unsuccessful, an error page will display.
See:
When a request is made from an external client that is in the list of trusted hosts, the header value of the header name in the HTTP header variable that is sent by the requesting client is compared against the Login Name in the Employee table. The Login Name is used to determine the user's Employee. If the Employee is valid (i.e., it belongs to an active record), the user is automatically logged in and the Web menu displays. If the Employee is not valid, an error page will display.
In order for a user to be authenticated successfully when attempting to access the Web application, the following pre-requisites must be met:
The trusted_hosts setting value in the Application Settings form must include the external host's IP address or host name. If you are using a proxy server, the IP Address or Host Name of the Proxy Server must also be listed in the trusted_hosts setting value.
The auth_kaba_user setting value in the Application Settings form must reflect the header name that contains the login name value.
The person attempting to log in must have a unique Employee and Login Name in the Employee form.
The header value of the header name field in the HTTP header variable sent from the requesting client must correspond with the user's Login Name in the Employee form. This applies to the external client configuration.
The target URL that is linked
to from an external system must be in the following format:
http://[HOSTNAME]:[PORT]/autotime/main/trustedlogin.faces
If authentication fails, an error page will display. If you want to use a different error page other than the default error page, you can configure it on the Application Settings form. See "Configuration Steps" below.
Configure the Application Settings (pre-requisites 1-2):
Click Main Menu > Configuration > System > Application.
Click the Application Settings tab to select it.
Select the trusted_hosts setting for WEB and click Modify.
In the Setting Value field, enter a comma-separated list of host names or IP addresses. This list represents the clients that will use trusted login for the Web application.
Click Save.
Note: If you are using a proxy server, the IP Address or Host Name of the Proxy Server must also be listed in the trusted_hosts setting value.
Select the auth_kaba_user setting for WEB and click Modify.
In the Setting Value field, enter the header name that will have the login name value. The header name is sent by the requesting client. The header value will be used to determine who the user is.
Click Save.
Make sure the Web user has an Employee Num and Login Name (pre-requisite 7):
Click Main Menu > Employee Management > Employee.
Each person record has a Login Name value. Use the horizontal scrollbar to view the Login Name and check if there is a value.
To add a new record, click Add on the Employee form or use the Import feature.
Configure the error page (optional)
When authentication fails for a user, a default error page will display. If you want to use a different error page other than the default error page:
Click Main Menu > Configuration > System > Application.
Click the Application Settings tab to select it.
Select the auth_error_url setting for WEB and click Modify.
Enter the URL of the page you want to display if user authentication fails.
Click Save.
The configuration is now complete. The table below displays the settings that are configured on the Application Settings form for trusted login with the Web application:
Setting Type |
Details |
Setting Value (Example) |
auth_error_url |
The setting value field represents the page that will display when:
|
http://www.google.com/ |
auth_kaba_user |
Identifies the header variable that has the login name which is used to determine who the user is and automatically authenticate them. Note: Multiple values must be comma separated.
|
abcd_login_name |
trusted_hosts |
Lists the external clients that are using trusted login to access the Web application. Note: Multiple values must be comma separated.
|
hostname,1.2.3.4 |