Add module

The modules use the information that the filters supply to perform the login.

LDAP

The LDAP module uses the directory service that is set up for the current website to verify the username and password.

• View all login results: Used if you have users with the same username in multiple directories, this allows the user to be given the option to choose which user to use when logging in.
• Control flag:
  • Optional
  • Required
  • Requisite
  • Sufficient

System login

This module is used to verify the login of the system user.

The control flag should be sufficient.

Secure cookie

This function enables you to enable automatic login for users. The user can choose to save their login so that the session is stored in a secure cookie.

• Enable "Save session" as default -Select if login should be saved by default.
• Cookie lifetime (in days) - The validity period expires if the user does not visit the website within the selected number of days and must log in again.
• Use restrictions - Conditions to restrict the option to save logins based on criteria.
  Click Add restriction to add a restriction.
• Control flag - must be Optional.

Social Authentication

SAML 2

SAML stands for Security Assertion Markup Language and is an XML-based open standard for exchanging authentications and permissions.

SAML is a federated login method that organises your own login against AD without the need for direct contact with AD.

• Group attributes: This attribute is used by Sitevision to set up virtual groups to manage permissions. This can be a name or a search path in the directory. <saml:Attribute Name = "the name of the group attribute". > These attribute values are those that are set up as virtual groups.

• Split group attributes containing ",": When you have a composite group attribute where the groups are separated by commas. Normally, the attributes have separate attribute values and you thus do not need to check this box. If you check the box and the attributes are not combined, the SAML configuration will not work.
• Mobile attribute: To read in attributes for mobile numbers.
• Predefined schema name (openidp, cgi, visma): Prints the predefined schema that you want your setting to follow.
• Enable logging at debug level: Prints detailed information in the Sitevision server log. Good to turn on at setup. But turn this box off when SAML in production (generates many log printouts).
• Enable "Single logout": Check this if you want users to be able to be logged out with Sitevision's module login status. There will then be a redirect to /saml/Logout
• Control flag: Should be Sufficient.

Open ID Connect

OpenID Connect is an authentication layer that sits on top of the OAuth 2.0 authorization standard. It is used to create federated logins.

The technology is JSON-based and requires less network traffic than its older sibling SAML2.

• Group attribute: This attribute will be used by Sitevision to set up virtual groups to manage permissions. The name of the group attribute tells which Claim in the JWT to use for groups. If the value for the group attribute is formatted as a JSON array, Sitevision will handle this as multiple values, otherwise this is seen as a single group. The field only needs to be filled in if something other than groups is to be used as a group attribute. Sitevision will use groups by default if the field is left blank.
  
  Example:
  • groups: group1 - Sitevision interprets this as a group: group1.
  • groups: group1,group2 - Sitevision interprets this as a group: group1,group2.
  • groups: ["group1", "group2"] - Sitevision interprets this as two groups: group1 and group2
    
    
• Enable logging at debug level - Prints detailed information in the Sitevision server log. Good to turn on at setup. But turn this box off in production (generates many log printouts).
• Control flag - Should be Sufficient.

JSON Web Token

JSON Web Token can be used to log in users based on a signed JSON Web Token (JWT). A common flow is to terminate the traffic in a load balancer/proxy to initiate login. The logged in user is then sent to Sitevision along with a JWT that identifies the user.

The module retrieves the signed JWT extracted via the JSON Web Token Filter.

• Group attribute: This attribute will be used by Sitevision to set up virtual groups to manage permissions. The name of the group attribute tells which Claim in the JWT to use for groups
• Enable logging at debug level: Prints detailed information in the Sitevision server log. Good to turn on at setup. But turn this box off in production (generates many log printouts).
• Control flag for module: Should be Sufficient.

Text

This module can be used if you want text entered into the login form.

MobilityGuard

The module uses headers from the external security solution MobilityGuard External link, opens in new window. to identify users.

If Mobilityguard and Sitevision are connected to the same LDAP server, the Mobilityguard filter is sufficient, otherwise you will need to use this module.

Below is an image of the settings you need to make in the module. MobilityGuard sends the necessary information via headers to Sitevision. You must enter the name of the headers that come from MobilityGuard.

CAS

CAS is open source software for single sign-on (SSO) for web applications.
Instead of Sitevision managing the login, this is done by a central service outside of Sitevision.

OpenID

Module that creates the user, receives all the information from OpenID.

CAS 3

• Group attribute - Map the group attribute on the virtual group to this setting
• Control flag - Must be set to optional.

Swedish e-identity

Module that creates the user, receives all information from Swedish e-identity. External link, opens in new window.