Authentication Mode

The authenticationMode parameter specifies the method used to authenticate users. You can use it to specify whether or not to use a current user session, or to force a Login dialog even if there is a current user session. It also allows you to specify either LDAP or single sign-on (SiteMinder or Kerberos) authentication.

This parameter can work in conjunction with the “externalLogin” URL override, which can be included in the URL when invoking Workspace. For more information about this override, see Launching a WCC Application Using an External Login.

Note that any changes made to this parameter must be made in the config.xml file on disk; it is not available via the Configuration Administrator. This is because this parameter configures behavior prior to login, so values stored in the database (updated via Configuration Administrator) are not accessible as the user has not logged in yet.

Procedure

  1. Open the config.xml file.

    For information about how this file should be opened (i.e., via the Configuration Administrator or via the file system), see Introduction.

  2. Locate the authenticationMode record in the config.xml file. For example: 
    <record jsxid="authenticationMode" mode="useSessionByDefault" useLDAP="false">
</record>
  3. Set the mode and useLDAP attributes as follows:
    • mode
      • loginByDefault - If "externalLogin=true" is specified in the application URL, use the existing session if valid. If no valid session exists, display the Login dialog.

        If "externalLogin=false" is specified in the application URL, invalidate the session and display the Login dialog.

        If the “externalLogin” parameter is not specified in the application URL, default to invalidating the session and display the Login dialog.

      • useSessionByDefault - By default, use the existing session if it is valid, and do not display the Login dialog. If no valid session exists, display the Login dialog. Use this value in single sign on (SSO) implementations, such as SiteMinder or Kerberos. In SSO implementations, the session is controlled externally to the application, therefore the Login dialog is not needed.
      • alwaysLogin - Always invalidate an existing session and display the Login dialog.
    • useLDAP
      • true - Perform authentication using LDAP.
      • false - Perform authentication using single sign-on -- SiteMinder or Kerberos.

        If the server is configured to do LDAP authentication, and useLDAP is set to "false" in config.xml, clients by default will authenticate via SiteMinder or Kerberos. However, a particular invocation of the client can specify to use LDAP authentication (instead of single sign-on) by including the "ldap=true" URL override on the application URL (for more information, see Launching a WCC Application Using an External Login). If the server is not configured for LDAP authentication, any use of "ldap=true" on the URL or "useLDAP=true" in config.xml is ignored; in this case authentication must be via single-sign-on.

  4. Save and close the config.xml file.