Server Administration

 

 

 

 

 

 

 

Username Prefix

Used in non-Active Directory environments where the user

 

 

name is prefixed with a specific string such as uid= or cn=.

 

 

The following sample prefixes are widely used but refer to a

 

 

specific LDAP schema:

 

 

uid=

 

 

cn=

 

Master Username

Required for single-sign-on. User name that has admin

 

 

permission to browse the LDAP tree. Used to browse the

 

 

LDAP tree to get user groups.

 

 

 

 

Master Password

Required for single-sign-on. Password for Master Username.

 

 

 

 

Ind. Group ObjectClass

A group attribute in the LDAP database. Identifies which

 

 

entries will be searched for user memberships.

 

 

 

 

Ind. Group Identifier

The group attribute that uniquely identifies a group. MCS will

 

 

match the values returned for this attribute with group names

 

 

entered on the User Groups page.

 

 

 

 

† ETV Portal Server required field. All others are optional.

Note The Softerra LDAP Browser 2.6 provides an Explorer-like LDAP client you can use to browse the LDAP tree. It is available for Windows only and can be downloaded free of charge from Softerra at http://www.ldapbrowser.com

Single Sign-On

To use single sign-on, go to Access Control and then check Enable Authentication and

Authorization and Use LDAP Database. If the LDAP server is Microsoft Active Directory, you can select Use Integrated Windows Authentication to enable "MCS Single Sign-on." This means that once you login to your local network with your assigned credentials, you can open ETV Portal Server without re-entering your login credentials. ETV Portal Server uses your assigned credentials to authenticate and authorize your defined permissions within the application. (If using an LDAP directory other than Microsoft's Active Directory, VBrick strongly recommends using SSL to encrypt the communication between the Portal Server server and the LDAP directory. Please consult your LDAP vendor documentation for instructions on how to configure SSL.) When configuring for Integrated Windows Authentication, keep the following points in mind:

Integrated Windows Authentication is only valid when using LDAP Authentication with Microsoft Active Directory.

You must perform an additional configuration step in IIS as explained below in Configuring IIS for Single Sign-On.

Integrated Windows Authentication only works seamlessly with Microsoft Internet Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you will get a popup login window only if you have not previously logged in to the network.

When using Integrated Windows Authentication, all single-sign-on users must have an Active Directory account and the Portal Server must be part of the Windows domain.

When using Integrated Windows Authentication, Microsoft Internet Explorer's default behavior is that it will not prompt for an ID/password when the server is in the Local Intranet Zone. (By default, Internet Explorer assumes a URL without a period (.). This

ETV Portal Server Admin Guide

71

Page 81
Image 81
VBrick Systems ETV v4.1 manual Single Sign-On