Client Settings - Authentication

These settings define how user credentials are checked during login.

Basic authentication settings:

• Mode: Select the authentication method used to check user credentials:
  • Standard: Standard login with user name and password.
  • ExternalSource: User authentication via an external LDAP server.

    External source configuration including authentication via an external LDAP server is not yet documented for Alfabet 11 releases. You can find information about external source configuration in the documentation of Alfabet 10.15.

  • SSO_WinUser: Windows Sign-On is used for user authentication. The Windows login data are used to check user credentials. This method can only be used for access to the Alfabet user interface via the Alfabet Web Application.
  • SSO_Certificates: Access to Alfabet is granted to all users authenticated via client server Web certificates. This method can only be used for access to the Alfabet user interface via the Alfabet Web Application.
  • SSO_FederatedAuthentication: Access to Alfabet is granted to all users successfully logged in to a company's federated authentication system. This method can only be used for access to the Alfabet user interface via the Alfabet Web Application.
  • Request Credentials URL: A link Click here to request access credentials can be displayed on the login screen. New users that would like to have access to Alfabet but do not yet have a user name and password assigned can click the link that will lead them either to a URL for web-based request of user credentials or will open an email to a predefined email addressed to the system administrator granting access to Alfabet.

    The link for request of access credentials will only be displayed if this attribute is set.

    If a URL is defined in the field, the link on the login screen will open the defined URL. The URL must be defined starting with http:// or https://.

    If an email address is defined in the field, the link in the login screen will open an email to the defined email address with the default mail client of the user with the subject line Access Credential Request. The email address must be defined as mailto: followed by the email address.

  • Authentication Connection Test Log File: For all Single Sign-on authentication mechanisms, the information about the authentication process can be written in a log file. Optionally, you can change the name of the authentication log file. If you do not specify a path, the file will be located in the physical directory of the Alfabet Web Application. The path specification must be an absolute path. This file is only relevant for testing the connectivity. During normal operation, the field should be cleared. Make sure that the Alfabet Web Application has Write permissions for the file.

Additional settings for certificates

• Certificate Attribute: Enter the name of the certificate attribute that is used to identify the user. Depending on the setting of the Certificate Value Format attribute, either the whole attribute is used as user name for the authentication, or the attribute is scanned for text written in parenthesis and the text in parenthesis is then used as the user name. The user name may be optionally amended by a specified prefix or suffix defined via the User Name Prefix and User Name Suffix attributes.
• Certificate Value Format: Select the method used to read the user name from the certificate attribute defined in the Certificate Attribute attribute.

  If EntireValue is selected, the entire value defined in the Certificate Attribute attribute will be used as user name for the authentication. If Parentheses is selected, the attribute will be scanned for text written in parenthesis and the text in parenthesis is then used as the user name. The user name may be optionally amended by a specified prefix or suffix defined via the User Name Prefix and User Name Suffix attributes.

• User Name Prefix: If the Certificate Value Format attribute is set to Parentheses, enter a prefix that shall be added to the certificate attribute part in parentheses to generate the login name for the user, if applicable.
• User Name Suffix: If the Certificate Value Format attribute is set to Parentheses, enter a suffix that will be added to the certificate attribute part in parentheses to generate the login name for the user, if applicable.

Additional settings for authentication via an external LDAP server

• External Source: Enter the name of the external source or external source pool that shall be used for user authentication. The name is specified with the Name attribute of the external source (pool) in the external source configuration.

  External source configuration is not yet documented for Alfabet 11 releases. You can find information about external source configuration in the documentation of Alfabet 10.15.