The Single Sign On facility allows another application to control user access to ExtraView. When this is enabled through ExtraView’s behavior settings (see above), the SSO application is entirely responsible for the authentication of each user. Once the authentication is complete, the SSO application forwards the authenticated information to ExtraView, and ExtraView automatically signs on the user. If necessary, and subject to any licensing restrictions, a new user will be created within ExtraView.
When ExtraView is configured to use SSO as the user authentication mechanism, the user points their browser to the SSO sign on page. ExtraView extracts the user ID and other pertinent data from the HTTP request header and automatically logs the user into ExtraView – no ExtraView sign on page is displayed. During the sign on process, ExtraView will access all of the user’s information in the LDAP Server, assuming this is configured. A new ExtraView user will be created, if the user does not exist. If the user exists in the ExtraView database, their record is updated to ensure synchronization with the LDAP server.
The “login” HTTP header from SSO contains the authenticated user’s information. ExtraView administrative data held in the security_user table defines the headers that are used by ExtraView and where in ExtraView each field is stored. All of these fields map to the individual fields that contain user data. This mapping is used in conjunction with the LDAP user data, bypassing the need for an administrator to add a new user specifying this information.
In the ExtraView configuration file (Configuration.properties), these fields are mapped to match the host header data as shown in the following example:
############################# ## SSO HEADER MAPPING ## ############################# SSO_PRIMARYKEY = USER_NAME SSO_SURNAME = SURNAME SSO_GIVENNAME = GIVEN_NAME SSO_EMAIL = EMAIL_ADDRESS SSO_STREET = STREET SSO_CITY = CITY SSO_STATE = STATE SSO_POSTALCODE = POSTALCODE SSO_COUNTRY = COUNTRY SSO_PHONE = TELEPHONE_NUMBER SSO_MOBILE = MOBILE_NUMBER SSO_PAGER = PAGER_NUMBER |
As well as the fields such as USER_NAME and CITY in the example above, you can also map the user defined fields in the ExtraView security_user table. There are five of those, named USER_FIELD_1 through USER_FIELD_5.
SSO_DN_USER_ID_ATTRIBUTE - short for Distinguished Name User ID Attribute - indicates two behaviors:
Another example is:
cn=2055092,cn=Users,dc=dsd,dc=fmcna,dc=com
In this case, SSO_DN_USER_ID_ATTRIBUTE=cn would still work to establish 2055092 as the user_id.
If the DN is:
cn=Users,cn= 2055092,dc=dsd,dc=fmcna,dc=com
then the SSO_DN_USER_ID_ATTRIBUTE=cn#2 would establish the 2055092 as the user_id (the #2 indicates that the second instance of the attribute should be used). Note that cn#1 and cn act the same when used as configuration values for SSO_DN_USER_ID_ATTRIBUTE.