Authentication Mode

The authenticationMode parameter specifies the method used to authenticate users. You can use it to specify whether or not to use a current user session, or to force a Login dialog even if there is a current user session. It also allows you to specify either LDAP or single sign-on authentication.

This parameter can work in conjunction with the “externalLogin” URL override, which can be included in the URL when invoking Workspace. For more information about this override, see Launching a WCC Application Using an External Login.

Note that any changes made to this parameter must be made in the config.xml file on disk; it is not available via the Configuration Administrator. This is because this parameter configures behavior prior to login, so values stored in the database (updated via Configuration Administrator) are not accessible as the user has not logged in yet.

Procedure

  1. Open the config.xml file.

    For information about how this file should be opened (i.e., via the Configuration Administrator or via the file system), see Introduction.

  2. Locate the authenticationMode record in the config.xml file. For example:
    <record jsxid="authenticationMode" mode="useSessionByDefault" useLDAP="false">
    </record>
  3. Set the mode and useLDAP attributes as follows:
    • mode
      • loginByDefault - If "externalLogin=true" is specified in the application URL, use the existing session if valid. If no valid session exists, display the Login dialog.

        If "externalLogin=false" is specified in the application URL, invalidate the session and display the Login dialog.

        If the “externalLogin” parameter is not specified in the application URL, default to invalidating the session and display the Login dialog.

      • useSessionByDefault - By default, use the existing session if it is valid, and do not display the Login dialog. If no valid session exists, display the Login dialog. Use this value in single sign on (SSO) implementations. In SSO implementations, the session is controlled externally to the application, therefore the Login dialog is not needed.
      • alwaysLogin - Always invalidate an existing session and display the Login dialog.
    • useLDAP
      • true - Perform authentication using LDAP.
      • false - Perform authentication using single sign-on.

        If the server is configured to do LDAP authentication, and useLDAP is set to "false" in config.xml, clients by default will authenticate via SSO .

        Note: Openspace and Workspace (as well as custom WCC applications) can be configured to allow dual authentication, meaning that the application concurrently supports both direct authentication and SSO authentication. When configured for dual authentication, users can log in using direct authentication, even if ActiveMatrix BPM is configured to use SSO authentication.

        For additional information about dual authentication, see Dual Authentication.

  4. Save and close the config.xml file.