PRISMAdirect offers single sign-on: [Windows authentication] is integrated with Active Directory.
Click [System] - [Security] - [General settings].
Select the authentication type.
Windows authentication
When the server is a member of the Microsoft Windows domain, you can select [Windows authentication]. Windows authentication facilitates single sign-on for the operator and for the customers of the web stores.
Integration of the web stores and uniFLOW
Select [Windows authentication] when uniFLOW and PRISMAdirect are members of the same domain or of trusted domains.
Custom authentication
Select [Custom authentication] when your server is not a member of a domain.
Select [Custom authentication] when you want to offer single sign-on via CAS or ADFS.
Integration of the web stores and uniFLOW
Select [Custom authentication] when uniFLOW and PRISMAdirect are members of a workgroup or are connected to untrusted domains.
The installed services always use [Custom authentication].
Click [Save].
You have to select [Custom authentication] when you want to offer single sign-on via CAS or ADFS. Central Authentication Service (CAS) and Active Directory Federation Services (ADFS) are well-known single sign-on providers. The single sign-on provider authenticates the customers of the web stores and stores their login credentials.
Click [System] - [Security] - [General settings].
You can enable only one single sign-on provider.
[CAS]
[Ticket validation protocol:]
Select the protocol that PRISMAdirect uses to validate the CAS ticket during the authentication of customers.
The required protocol depends on how the CAS server is configured: the protocol you select in this dialog must match the configuration of the CAS server.
[Timeout [min.]:]
When the timeout expires, PRISMAdirect checks if the customer is still logged in to the single sign-on provider. When the customer is still logged in, the timeout value is reset. In this way, PRISMAdirect keeps checking if the customer is still logged in to the single sign-on provider. When PRISMAdirect detects that the customer has logged out from the single sign-on provider, the customer is logged out from PRISMAdirect as well.
[CAS server URL:]
Type the URL of the CAS server that must be used to authenticate the customers. Whether you need to add a port number to the URL depends on how you have configured the CAS server.
[CAS server login URL:]
Type the URL of the login page on the CAS server where customers have to type their login credentials. Whether you need to add a port number to the URL depends on how you have configured the CAS server.
[Server address:]
Type the address of the PRISMAdirect server. You do not need to provide a port number. The customers will be redirected to PRISMAdirect when they are authenticated.
[LDAP server name]
Optionally, you can type the name of one LDAP server. For the available LDAP servers, see:
You have to use this LDAP server for authentication and to retrieve user data:
Click [System] - [Connectivity] - [LDAP server] - [Authentication & user data].
Drag and drop the LDAP server into field [Servers used for authentication:] and field [Servers used to retrieve user data:].
Click [Save].
When a customer logs in with <username> and <password>, PRISMAdirect searches in the LDAP server for this customer.
PRISMAdirect does not use the setting [LDAP server name] when a customer logs in with <username>@<domain> and <password>. In this case, PRISMAdirect first checks if the domain exists. When the domain exists, PRISMAdirect checks if an LDAP server exists in that domain. When the LDAP server exists, PRISMAdirect searches in that LDAP server for this customer.
When the LDAP server contains the username of the authenticated customer, then:
The customer receives the role of the user group.
The profile of the customer will be filled in automatically.
When the LDAP server does not contain the username, the customer receives the role [Customer]. Also, the profile of the customer is empty.
[ADFS]
[Metadata for endpoint:]
You have to load a file containing metadata to configure the endpoint for ADFS. You can find the metadata file on the ADFS server. The default path is:
https://{ADFSserver}/federationmetadata/2007-06/federationmetadata.xml
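Before loading a metadata file, it is worth confirming what it actually describes (which identity provider, which login endpoints, whether a signing certificate is published). The following is an added example, not PRISMAdirect code; it assumes the file is SAML 2.0 entity metadata and uses a constructed, minimal sample instead of a real ADFS server's file.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, minimal metadata sample (not taken from a real ADFS server).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...constructed-placeholder...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def inspect_metadata(xml_text: str) -> dict:
    """Summarise what an endpoint configured from this metadata would trust."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor document")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: file does not describe an identity provider")
    certs = idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    endpoints = {e.get("Binding"): e.get("Location")
                 for e in idp.findall("md:SingleSignOnService", NS)}
    return {
        "entity_id": root.get("entityID"),
        # Token signatures can only be verified if a signing certificate is published.
        "signing_certs": sum(1 for c in certs if (c.text or "").strip()),
        "sso_endpoints": endpoints,
        # A plain-http login endpoint would expose customer credentials on the wire.
        "insecure_endpoints": [u for u in endpoints.values()
                               if not u.lower().startswith("https://")],
        # An unsigned file gives no assurance that it was not altered in transit.
        "signed": root.find("ds:Signature", NS) is not None,
    }
```

The sample deliberately carries no XML signature, so "signed" comes back False; a file fetched from the default path over HTTPS should be checked the same way before it is loaded.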
[Server address:]
Type the address of the PRISMAdirect server. You do not need to provide a port number. The customers will be redirected to PRISMAdirect when they are authenticated.
[LDAP server name]
Optionally, you can type the name of one LDAP server. For the available LDAP servers, see:
You have to use this LDAP server for authentication and to retrieve user data:
Click [System] - [Connectivity] - [LDAP server] - [Authentication & user data].
Drag and drop the LDAP server into field [Servers used for authentication:] and field [Servers used to retrieve user data:].
Click [Save].
When a customer logs in with <username> and <password>, PRISMAdirect searches in the LDAP server for this customer.
PRISMAdirect does not use the setting [LDAP server name] when a customer logs in with <username>@<domain> and <password>. In this case, PRISMAdirect first checks if the domain exists. When the domain exists, PRISMAdirect checks if an LDAP server exists in that domain. When the LDAP server exists, PRISMAdirect searches in that LDAP server for this customer.
When the LDAP server contains the username of the authenticated customer, then:
The customer receives the role of the user group.
The profile of the customer will be filled in automatically.
When the LDAP server does not contain the username, the customer receives the role [Customer]. Also, the profile of the customer is empty.
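The lookup rules above (the same for CAS and ADFS) decide which directory is searched and what role a customer ends up with. The following is an added example that models those rules, not PRISMAdirect code; the LDAP servers, domains and users are constructed, and how a real deployment resolves a domain to its LDAP server is assumed to be a simple lookup table.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed directory data: LDAP server name -> username -> attributes.
LDAP_SERVERS: Dict[str, Dict[str, Dict[str, str]]] = {
    "ldap-corp": {
        "alice": {"group": "Operators", "mail": "alice@corp.example"},
        "bob": {"group": "Print room", "mail": "bob@corp.example"},
    },
    "ldap-default": {
        "carol": {"group": "Order clerks", "mail": "carol@example.test"},
    },
}
# Constructed domain table: domain -> its LDAP server (None: domain exists, no LDAP server).
DOMAINS: Dict[str, Optional[str]] = {
    "corp.example": "ldap-corp",
    "branch.example": None,
}

@dataclass
class Login:
    username: str
    role: str
    profile: Dict[str, str] = field(default_factory=dict)

def resolve(login: str, configured_ldap: Optional[str]) -> Login:
    """<username> is looked up in [LDAP server name]; <username>@<domain> ignores that setting."""
    if "@" in login:
        username, domain = login.rsplit("@", 1)
        if domain not in DOMAINS:
            server = None                # domain does not exist: nothing to search
        else:
            server = DOMAINS[domain]     # None when the domain has no LDAP server
    else:
        username, server = login, configured_ldap
    entry = LDAP_SERVERS.get(server, {}).get(username) if server else None
    if entry is None:
        # Username not found (or no server to search): default role, empty profile.
        return Login(username, "Customer", {})
    # Found: the role is the user group and the profile is filled from the directory.
    return Login(username, entry["group"], {"mail": entry["mail"]})
```

Note that a customer who authenticates successfully at the provider but is absent from the directory still gets in, only as [Customer] with an empty profile; that is the case to watch for when a role looks wrong.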
[Timeout [min.]:]
You have to define a timeout when you configure the ADFS server. When the timeout expires, PRISMAdirect checks if the customer is still logged in to the single sign-on provider. When the customer is still logged in, the timeout value is reset. In this way, PRISMAdirect keeps checking if the customer is still logged in to the single sign-on provider. When PRISMAdirect detects that the customer has logged out from the single sign-on provider, the customer is logged out from PRISMAdirect as well.
[Test connection]
Click this button to test the connection to the server of the single sign-on provider.
Click [Save].
Orders can be sent from web stores to the [Order processing] console. You can configure whether a secure connection is used between the server and the web server.
Click [System] - [Security] - [General settings].
[Use secure connections (HTTPS)]
Enable this option to use a secure HTTPS connection between the server and the web server. If you enable this option, the server needs a certificate; the certificate is required for a secure (HTTPS) connection.
Click [Save].