The Single Sign On facility allows another application to control user access to ExtraView. When this is enabled through ExtraView\u2019s behavior settings (see above), the SSO application is entirely responsible for the authentication of each user. Once the authentication is complete, the SSO application forwards the authenticated information to ExtraView, and ExtraView automatically signs on the user. If necessary, and subject to any licensing restrictions, a new user will be created within ExtraView.<\/p>\n
When ExtraView is configured to use SSO as the user authentication mechanism, the user points their browser to the SSO sign on page. ExtraView extracts the user ID and other pertinent data from the HTTP request header and automatically logs the user into ExtraView \u2013 no ExtraView sign on page is displayed. During the sign on process, ExtraView will access all of the user\u2019s information in the LDAP Server, assuming this is configured. A new ExtraView user will be created, if the user does not exist. If the user exists in the ExtraView database, their record is updated to ensure synchronization with the LDAP server.<\/p>\n
The \u201clogin\u201d HTTP header from SSO contains the authenticated user\u2019s information. ExtraView administrative data held in the security_user table defines the headers that are used by ExtraView and where in ExtraView each field is stored. All of these fields map to the individual fields that contain user data. This mapping is used in conjunction with the LDAP user data, bypassing the need for an administrator to add a new user specifying this information.<\/p>\n
In the ExtraView configuration file (Configuration.properties<\/span>), these fields are mapped to match the host header data as shown in the following example:<\/p>\n As well as the fields such as USER_NAME and CITY in the example above, you can also map the user defined fields in the ExtraView security_user table. There are five of those, named USER_FIELD_1 through USER_FIELD_5.<\/p>\n Notes:<\/strong><\/p>\n SSO_DN_USER_ID_ATTRIBUTE<\/span> – short for Distinguished Name User ID Attribute – indicates two behaviors:<\/p>\n Another example is:<\/p>\n cn=2055092,cn=Users,dc=dsd,dc=fmcna,dc=com<\/span><\/p>\n In this case, SSO_DN_USER_ID_ATTRIBUTE=cn<\/span> would still work to establish 2055092 as the user_id.<\/p>\n If the DN is:<\/p>\n cn=Users,cn= 2055092,dc=dsd,dc=fmcna,dc=com<\/span><\/p>\n then the SSO_DN_USER_ID_ATTRIBUTE=cn#2<\/span> would establish the 2055092<\/span> as the user_id<\/span> (the #2<\/span> indicates that the second instance of the attribute should be used). Note that cn#1<\/span> and cn<\/span> act the same when used as configuration values for SSO_DN_USER_ID_ATTRIBUTE.<\/p>\n","protected":false},"excerpt":{"rendered":" The Single Sign On facility allows another application to control user access to ExtraView. When this is enabled through ExtraView\u2019s behavior settings (see above), the SSO application is entirely responsible for the authentication of each user. Once the authentication is complete, the SSO application forwards the authenticated information to ExtraView, and ExtraView automatically signs on…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"class_list":["post-22339","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\n\n\n
\n \n\t\t\t\t#############################
\n\t\t\t\t## SSO HEADER MAPPING ##
\n\t\t\t\t#############################
\n\t\t\t\tSSO_PRIMARYKEY = USER_NAME
\n\t\t\t\tSSO_SURNAME = SURNAME
\n\t\t\t\tSSO_GIVENNAME = GIVEN_NAME
\n\t\t\t\tSSO_EMAIL = EMAIL_ADDRESS
\n\t\t\t\tSSO_STREET = STREET
\n\t\t\t\tSSO_CITY = CITY
\n\t\t\t\tSSO_STATE = STATE
\n\t\t\t\tSSO_POSTALCODE = POSTALCODE
\n\t\t\t\tSSO_COUNTRY = COUNTRY
\n\t\t\t\tSSO_PHONE = TELEPHONE_NUMBER
\n\t\t\t\tSSO_MOBILE = MOBILE_NUMBER
\n\t\t\t\tSSO_PAGER = PAGER_NUMBER
\n\t\t\t\tSSO_COMPANYNAME = COMPANYNAME<\/span>
\n\t\t\t\t <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n
\n\tThe SSO_DN_USER_ID_ATTRIBUTE<\/h3>\n
\n