Filters are used to obtain login information from the HTTP request. For example, it may be a question of retrieving parameters or values from a cookie.
This information will then be used by the modules to perform the login against, for example, a directory service via LDAP.
This filter uses parameters to obtain usernames and passwords. Either via POST or GET, which means that the following address can be used to identify the user:
BASIC Authentication is based on the browser sending an HTTP header containing the username and password to the server.
By default, this filter should be standard because of web clients that can only handle this way of logging in, for example. Here you can read a more detailed description of how BASIC works.
CAS is open source software for single sign-on (SSO) for web applications. Instead of SiteVision managing the login, Here you can read more about CAS.
Developers can create their own filters and use them in SiteVision. Further information about this can be found on page Custom JAAS modules (only available in English)
CAS3 uses the SAML1.1 protocol to authenticate users. It includes support for "attributes release".
The client address filter used to obtain the client’s IP address, which can then be used to assign read access rights based on IP addresses.
The configurable filter can be used for example if you have your own security solution for which there is no ready filter. Here you can choose how the username, password, and authtype are retrieved from the HTTP request.
The following types are possible:
Specialised filter for managing headers that come from the security solution MobilityGuard.
It does not matter in what order this filter comes in the filter chain.
Specialised filter for managing cookies from the security solution PortWise.
OpenId is a standard that enables a federated login *. Often used to provide users with single log in to a community or blog. Used by Google, Facebook and Yahoo, among others. Read more at http://openid.net/
* Federated login = A user can log in to an organisation/service with an identity from another organisation or identity publisher.
In SiteVision there is a connection to Swedish e-identity’s "cloud-based" login services. When the login module in SiteVision is used, the Swedish e-identity login service is called up, which performs the user login process according to the rules defined. Read more about Swedish e-identity.
Microsoft has made a protocol SPNEGO that allows automatic login over Kerberos.
Set AD correctly and read about Kerberos before making settings here.
Read more about logging in with Kerberos from Apache Tomcat on their website Windows Authentication How-To.
This is outdated technology. We recommend SAML instead.
NTLM is a proprietary login method used primarily by Internet Explorer. This login method enables automatic login to SiteVision.
There are some limitations:
The filter handles redirects for automatic login via the secure cookie (see secure cookie module)
This filter must be configured if the Secure cookie login is to work.
SAML stands for Security Assertion Markup Language and is an XML-based open standard for exchanging authentications and permissions.
SAML is a federated login method that organises your own login against AD without the need for direct contact with AD. Add an SAML filter to make settings:
To help you create an SAML filter, you can use the SAML configuration guide.
This function requires you to have a license for SAML.
SAML 2 should be at the bottom of the filter list, because the filters are read from bottom to top.
The page published: 2019-04-08