Adobe 65015459 Server Guide - Page 42
Authentication workflow
ADOBE CONTRIBUTE CS3 39 User Guide

LDAP authentication types

CPS authenticates users against the LDAP directory. For CPS to authenticate a user, the LDAP server must verify the user's display name. This is usually a unique name in the LDAP tree that is associated with the user. CPS receives only a user name, so it must retrieve the user's display name, based on the user name, to authenticate the user.

In your User Directory service configuration, you can select one of four types of LDAP authentication:

1. LDAP bind authenticates users by prepending a specified prefix and appending a specified suffix to the user ID. With this method, you can specify only a single prefix and a single suffix. Use this method if all the DNs in your LDAP directory are stored as prefix + user ID + suffix. If all DNs are not stored according to this pattern, then this method does not enable you to construct a path to all the users in your system.

2. LDAP bind (auto-find user DN) authenticates users in a two-step process: CPS looks up the user ID of the user who's trying to log in to determine that user's DN, and then uses the DN to authenticate the user. Use this method if all your DNs are not stored according to the same prefix + user ID + suffix pattern. For example, if you have set up CPS to search multiple branches (OUs) of your LDAP tree, and those branches store DNs in different ways, then you should use this authentication method. Although this method requires an extra LDAP search (compared to the LDAP bind method), it gives you more flexibility.

3. Password in file authenticates users using passwords that you specify when you add users to the file-based User Directory.
   Note: If you use the file-based authentication with an LDAP Directory, you must have a file entry for each user in your LDAP directory.

4. Windows domain uses your organization's Microsoft Windows® authentication solution. If you use this method, the User IDs in your LDAP directory must match your Windows user IDs.
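The difference between the first two methods, shown as an added Python example that is not Adobe or CPS code: one builds the DN from prefix + user ID + suffix, the other searches for it, and in both the user ID is escaped before it reaches the directory. The function names, the uid attribute and the sample directory are assumptions made for illustration.

```python
import re

# Constructed sample directory: two branches (OUs) that form DNs differently.
ENTRIES = {
    "uid=alice,ou=staff,dc=example,dc=com": {"uid": "alice"},
    "cn=Bob B,ou=contractors,dc=example,dc=com": {"uid": "bob"},
}
DN_SPECIAL = ',+"\\<>;='

def escape_dn_value(value):
    """Escape a user ID for use as a DN attribute value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in DN_SPECIAL or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append("\\00" if ch == "\x00" else ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a user ID for use in a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def ldap_bind_dn(user_id, prefix, suffix):
    """'LDAP bind' (hypothetical helper): DN = prefix + user ID + suffix."""
    return prefix + escape_dn_value(user_id) + suffix

def auto_find_dn(user_id, entries, attr="uid"):
    """'LDAP bind (auto-find user DN)', step 1: look up the user's DN.

    Returns (filter, dn); dn is None unless exactly one entry matches.
    """
    flt = "(%s=%s)" % (attr, escape_filter_value(user_id))
    # Minimal stand-in for the server: '*' is a wildcard, '\xx' is a literal.
    parts = re.split(r"(\\[0-9a-f]{2}|\*)", flt[len(attr) + 2:-1])
    pattern = "".join(
        ".*" if p == "*" else re.escape(chr(int(p[1:], 16)) if p[:1] == "\\" else p)
        for p in parts)
    hits = [dn for dn, e in entries.items() if re.fullmatch(pattern, e[attr])]
    return flt, hits[0] if len(hits) == 1 else None
```

With a single prefix and suffix for the staff branch, the constructed DN for bob does not exist, while the search step finds his entry in the other branch.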
Authentication workflow

When you attempt to connect to a CPS-managed website through Contribute, the process through which CPS communicates with your organization's LDAP or other user directory service is as follows:

1. Contribute prompts you for user directory authentication credentials.

2. Contribute generates a Simple Object Access Protocol (SOAP) user authentication message, and sends the request to CPS over an SSL-encrypted network connection.
   Note: While sending SOAP requests to CPS, Contribute sends the request over an SSL-encrypted network connection, and uses port 8900 by default. The message timeout is 20 seconds.

3. CPS requests authentication from the LDAP server by using the credentials specified in the SOAP user authentication message.
   Note: While sending requests to the user directory server, CPS sends the request over an LDAP or LDAPS network connection, and uses ports 389 and 636 by default. The message timeout is 60 seconds.

4. The LDAP server attempts to validate the credentials and sends the resulting confirmation or rejection to CPS.

5. If the authentication was successful, CPS sends a connection key to the Contribute client for each website that you have access to.