elentra_auth.user_data database table for the username and password provided by the user, then ensures a valid elentra_auth.user_access database table record exists.

LDAP_* constants in settings.inc.php. Also, you must ensure that ldap is present in the AUTH_METHOD constant.

index.php submits the authentication request to the Elentra API, which attempts the bind to the LDAP server (defined by the LDAP_HOST constant).

LDAP_BIND_REQUIRES_DN controls whether this user_dn is fully qualified.

elentra_auth.user_data database table's number field (defined by the LDAP_LOCAL_USER_QUERY_FIELD constant) for the UniCaPKey identifier (defined by the LDAP_USER_QUERY_FIELD constant) returned by the directory for that account.

local and ldap methods above. The implementation allows either offering SSO as an option or eliminating the local/LDAP login and forcing SSO to be used. The setting of AUTH_METHOD will determine how this works.

AUTH_METHOD chains "sso" with "ldap" or "local", Elentra will present a local login screen, with a link to select SSO or a form to provide local or LDAP credentials.

AUTH_METHOD contains only "sso", the only valid way to authenticate is SSO, so the local login screen will be bypassed completely. On startup of Elentra, you will immediately be redirected to the SSO authority if you are not already logged in.

Identity Provider (IDP) and Service Provider (SP) components, where the IDP performs the authentication and the SP acts as the interface to the application. In a typical configuration, the IDP would provide SSO services for a range of different websites at the same organization. The Shibboleth Website provides a good overview of the concepts and architecture.

Active or Passive mode. In Active mode, the Apache web server configuration determines which pages within Elentra are protected, and the system will automatically prompt for SSO authentication before displaying the pages. This method is possible for Elentra, but you will have to configure the Apache web server very carefully to allow non-secure access to things like RSS feeds.

core/config/settings.inc.php.

core/config/settings.inc.php settings are related to the Service Provider configuration:

.htaccess file to ensure the login and logout URIs are not re-written.

user_data table, based on the column name contained in AUTH_SSO_LOCAL_USER_QUERY_FIELD. This defaults to the "number" column. Other good candidate columns might be username or email, depending on what your organization is prepared to return from the Identity Provider.

core/config/settings.inc.php

number column of the Elentra Authorization database's user_data table.

AUTH_METHOD constant in core/config/settings.inc.php to be "local, ldap" or "ldap, local" (depending on the chain order you prefer) instead of "local" or "ldap".
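
A pre-deployment check of the AUTH_METHOD chain and the constants it depends on, as an added example that is not Elentra code. The function name audit_auth_settings(), the rule that every LDAP_* constant named on this page must be set, and the sample values are assumptions of this example.

```php
<?php
// Added example, not Elentra code. audit_auth_settings() is a hypothetical helper.
function audit_auth_settings(array $c): array
{
    $known = ['local', 'ldap', 'sso'];   // the methods this page names
    $findings = [];

    // "local, ldap" and "ldap, local" are both chains; order is the chain order.
    // Method names are trimmed and then compared exactly as written.
    $parts = array_map('trim', explode(',', (string) ($c['AUTH_METHOD'] ?? '')));
    $chain = array_values(array_unique(array_filter($parts, fn ($m) => $m !== '')));

    if ($chain === []) {
        $findings[] = 'AUTH_METHOD is empty';
    }
    foreach (array_diff($chain, $known) as $bad) {
        $findings[] = "AUTH_METHOD contains unrecognised method '$bad'";
    }

    // Assumption: every LDAP_* constant named on the page must be set when
    // ldap is in the chain. A boolean false is a legitimate value.
    if (in_array('ldap', $chain, true)) {
        $ldapKeys = ['LDAP_HOST', 'LDAP_BIND_REQUIRES_DN',
                     'LDAP_USER_QUERY_FIELD', 'LDAP_LOCAL_USER_QUERY_FIELD'];
        foreach ($ldapKeys as $k) {
            if (!array_key_exists($k, $c) || $c[$k] === '' || $c[$k] === null) {
                $findings[] = "ldap is in the chain but $k is not set";
            }
        }
    }

    // Only "sso" on its own skips the local login screen.
    $flow = $chain === [] ? 'none'
          : ($chain === ['sso'] ? 'redirect to SSO authority' : 'local login screen');

    return ['chain' => $chain, 'flow' => $flow, 'findings' => $findings];
}

// Constructed sample values, not taken from a real deployment.
$sample = [
    'AUTH_METHOD'           => 'sso, ldap',
    'LDAP_HOST'             => 'ldap.example.org',
    'LDAP_BIND_REQUIRES_DN' => false,
    'LDAP_USER_QUERY_FIELD' => 'UniCaPKey',
    // LDAP_LOCAL_USER_QUERY_FIELD deliberately left out to produce a finding
];
print_r(audit_auth_settings($sample));
```

To check a real installation, include core/config/settings.inc.php and pass `get_defined_constants(true)['user']` instead of the sample array.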