Trusted Login for Web Time Clock

The Trusted Login feature for Web Time Clock allows users to access the Web Time Clock without having to enter their login credentials. When an external client that has been configured as a trusted host enters the Web Time Clock URL, authentication is performed using the request header variable. If authentication is successful, the user will automatically be logged in and the Web Time Clock menu will display. If authentication is unsuccessful, an error page will display.

See:

How Users are Authenticated

Trusted Login Configuration

How Users are Authenticated

When a request is made from an external client that is in the list of trusted hosts, the header value of the header name in the HTTP header variable that is sent by the requesting client is compared against the Login Name in the Employee form. The Login Name is used to determine the user's Employee Number. If the Employee Number is valid (i.e., it belongs to an active record), the user is automatically logged in and the Web Time Clock menu displays. If the Employee Number is not valid, an error page will display.

Trusted Login Configuration

In order for a user to be authenticated successfully when attempting to access the Web Time Clock, the following pre-requisites must be met:

1. You must have the Web Time Clock license installed on your system.

2. The Web Time Clock module must be enabled.

3. The Web Time Clock's Terminal Profile must have the Login Event Name field set to LOGIN_XML_PERSON_NUM.

4. The trusted_hosts setting value in the Application Settings form must include the external host's IP address or host name. If you are using a proxy server, the IP Address or Host Name of the Proxy Server must also be listed in the trusted_hosts setting value.

5. The auth_kaba_user setting value in the Application Settings form must reflect the header name that contains the login name value.

6. The xmllce_url setting value for WEB_TIME_CLOCK must include the port you are using. The default port value is 8080.

7. The person attempting to log in to the Web Time Clock must have a unique Employee and Login Name in the Employee form.

8. The header value of the header name field in the HTTP header variable sent from the requesting client must correspond with the user's Login Name in the Employee form. This applies to the external client configuration.

If authentication fails, an error page will display. If you want to use a different error page other than the default error page, you can configure it in the Application Settings form. See "Configuration Steps" below.

CONFIGURATION STEPS

Make sure you have the license installed and/or module enabled

1. Click Main Menu > Configuration > System > Licensing.

2. Find the Web Time Clock record.

3. The following boxes must be checked: Licensed and Module Enabled.

Configure the Terminal Profile Login Event Name

1. Click Main Menu > Configuration > Terminal > Terminal.

2. Find the Terminal Name WEBTIMECLOCK and take note of the Terminal Profile it uses.

3. Navigate to Main Menu > Configuration > Terminal > Terminal Profile.

4. Select the Terminal Profile you noted in step 2.

5. Click Modify.

6. For Login Event Name, select LOGIN_XML_PERSON_NUM.

7. Click Save.

8. Click Update Server.

Configure the Application Settings

1. Click Main Menu > Configuration > System > Application.

2. Click the Application Settings tab to select it.

3. Select the trusted_hosts setting for WEB_TIME_CLOCK and click Modify.

4. In the Setting Value field, enter a comma-separated list of host names or IP addresses. This list represents the clients that will use trusted login for the Web Time Clock.

   Note: If you are using a proxy server, the IP Address or Host Name of the Proxy Server must also be listed in the trusted_hosts setting value.

5. Click Save.

6. Select the auth_kaba_user setting for WEB_TIME_CLOCK and click Modify.

7. In the Setting Value field, enter the header name that will have the login name value. The header name is sent by the requesting client. The header value will be used to determine who the user is.

8. Click Save.

9. If you are using a port other than 8080 for the Web Time Clock, select the xmllce_url setting for WEB_TIME_CLOCK and click Modify.

   Note: This step applies only if you are using a port other than 8080.

10. Modify the Setting Value to reflect the correct port number. For example, http://localhost:8180/XMLLCE/.

11. If you modified the xmllce_url setting, you will need to exit the Web Time Clock and log back in to make the change take effect. You may also have to restart the application server in order to make the change take effect.

12. Click Save.

Make sure the Web Time Clock user has an Employee Num and Login Name

1. Click Main Menu > Employee Management > Employee.

2. Each person record has a Login Name value. Use the horizontal scrollbar to view the Login Name and check if there is a value.

To add a new record, click Add in the Employee form or use the Import feature.

Configure the error page (optional)

When authentication fails for a user, a default error page will display. If you want to use a different error page other than the default error page:

1. Click Main Menu > Configuration > System > Application.

2. Click the Application Settings tab to select it.

3. Select the auth_error_url setting for WEB_TIME_CLOCK and click Modify.

4. Enter the URL of the page you want to display if user authentication fails.

5. Click Save.

The configuration is now complete. The table below displays the settings that are configured in the Application Settings form for trusted login with the Web Time Clock: