Here you configure customer authentication (student) and single sign-on options.
Single sign-on allows customers to sign on once and use the authentication for all eRATEX features that may need authentication (AR, Student Card, Booklist, and so on).
Note: Single sign-on is only available for LDAP authentication.
Related CAS Parameters

| Parameter Name | Description |
| --- | --- |
| RATEX.AuthenticationService.CAS.Debug | Enable this to export the CAS ticket validation response to the images folder for debugging. |
|  | Enable this to persist the CAS token when an anonymous customer signs in. This will limit the number of times the customer will have to authenticate. |
| RATEX.AuthenticationService.CAS.SkewSeconds | Number of seconds to allow for skew when checking NotBefore and NotOnOrAfter conditions in the CAS response. Used to adjust for differences in time between eRATEX server and CAS authentication server. Should be small (less than 10 seconds). Defaults to 0 if left empty. This is only useful if the RATEX.AuthenticationService.CAS.TicketValidator AppConfig is set to Saml11. |
| RATEX.AuthenticationService.CAS.TicketValidator | Ticket validator to use for CAS authentication. Not all CAS services support SAML 1.1 (SAML11), but it is the only option that supports passing attributes back to eRATEX for use with features like the Personalized Booklist. |
| RATEX.AuthenticationService.CAS.TokenLifetime | Enter the number of seconds that the CAS authentication token should remain valid after a student authenticates. Enter 0 or leave this value blank to prevent token persistence, and the student will have to re-authenticate every time authentication is necessary. |
| RATEX.AuthenticationService.CAS.URLPrefix | URL prefix for CAS authentication service, including the trailing slash (/). This is appended with the ticket validator parameter name. For example, if the ticket validation URL is https://secure.example.com/cas/validate, the prefix would be https://secure.example.com/cas/ |

Related LDAP Configuration Parameters

| Parameter Name | Description |
| --- | --- |
| RATEX.AuthenticationService.LDAP.AuthType | Specifies the Authentication Type to use when connecting to the LDAP server. |
| RATEX.AuthenticationService.LDAP.BackupServer | Backup server to use for LDAP Authentication (IP Address or host name). This server will only be used if a connection cannot be established to the primary server. |
| RATEX.AuthenticationService.LDAP.BaseDN | Distinguished name of the object at which to start the search for the student's credentials. |
| RATEX.AuthenticationService.LDAP.BindDN | If you have enabled the RATEX.StudentAuthentication.LDAP.UseSelfBind AppConfig, set this value to the Distinguished Name format to use to bind with the customer's credentials. Use {0} in the format as a placeholder for the customer's User ID. For example, uid={0},ou=users,dc=ratex,dc=com |
|  | Enable this to log any LDAP authentication messages to the System Log for debugging. |
| RATEX.AuthenticationService.LDAP.Filter | Filter string to use when searching for the student record. {0} will be replaced with the value the customer enters as their Student ID. For example "(uid={0})" would search using the uid field. |
| RATEX.AuthenticationService.LDAP.Port | The TCP port to use to connect to the LDAP server. |
|  | Enable this to persist the LDAP token when an anonymous customer signs in. This will limit the number of times the customer will have to authenticate. |
| RATEX.AuthenticationService.LDAP.ProtocolVersion | LDAP protocol version to use. |
| RATEX.AuthenticationService.LDAP.ProxyDomain | Domain of the proxy user to use when connecting to the LDAP server. Leave blank if not authenticating to a domain. |
| RATEX.AuthenticationService.LDAP.ProxyPassword | Password of the proxy user to use when connecting to the LDAP server. |
| RATEX.AuthenticationService.LDAP.ProxyUserDN | Distinguished name of the proxy user to use when connecting to the LDAP server. |
| RATEX.AuthenticationService.LDAP.SearchScope | The search scope to use when searching for the student's credentials. |
| RATEX.AuthenticationService.LDAP.Server | Server to use for LDAP Authentication (IP Address or host name) |
| RATEX.AuthenticationService.LDAP.TokenLifetime | Enter the number of seconds that the LDAP authentication token should remain valid after a student authenticates. Enter 0 or leave this value blank to prevent token persistence, and the student will have to re-authenticate every time authentication is necessary. |
| RATEX.AuthenticationService.LDAP.UseSelfBind | Enable this option if your LDAP server supports eRATEX attempting to bind directly using the credentials the customer enters. You'll also need to specify a value for the RATEX.StudentAuthentication.LDAP.BindDN AppConfig, and you can leave the RATEX.StudentAuthentication.LDAP.Proxy AppConfigs blank. |
| RATEX.AuthenticationService.LDAP.UseSSL | Set to true to use SSL when connecting to the LDAP server. |

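
The Filter and BindDN values both place customer-entered text into LDAP syntax through {0}. The following is an added example, not eRATEX code: it expands the two sample templates from the table with RFC 4515 and RFC 4514 escaping, and refuses an empty password before a self-bind. All function names are hypothetical.

```python
# Templates taken from the examples in the table above.
FILTER = "(uid={0})"
BIND_DN = "uid={0},ou=users,dc=ratex,dc=com"

def escape_filter_value(value):
    """RFC 4515: hex-escape characters that have meaning inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_dn_value(value):
    """RFC 4514: escape characters that have meaning inside a DN component."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in ',+"\\<>;=' or (i == 0 and c in " #") or (i == last and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def expand_filter(filter_template, student_id):
    # The entered Student ID is always treated as a literal value.
    return filter_template.replace("{0}", escape_filter_value(student_id))

def expand_bind_dn(bind_dn_template, user_id):
    # The entered User ID stays inside the single DN component it replaces.
    return bind_dn_template.replace("{0}", escape_dn_value(user_id))

def self_bind_request(bind_dn_template, user_id, password):
    """Build the (DN, password) pair for a self-bind, refusing empty input."""
    # RFC 4513 section 5.1.2: a simple bind with a DN and an empty password is
    # an "unauthenticated" bind that a server may accept, so it must never be
    # taken as proof of the customer's identity.
    if not user_id or not password:
        raise ValueError("user ID and password are both required")
    return expand_bind_dn(bind_dn_template, user_id), password
```

An ID such as `doe, john` or `j(doe)` then searches and binds as exactly that value instead of changing the structure of the DN or filter.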
Related SAML Configuration Parameters

| Parameter Name | Description |
| --- | --- |
| RATEX.AuthenticationService.SAML.Debug | Enable this to export the Authn Response as XML to the images folder for debugging. |
|  | Enable this to persist the SAML/Shibboleth token when an anonymous customer signs in. This will limit the number of times the customer will have to authenticate. |
| RATEX.AuthenticationService.SAML.SkewSeconds | Number of seconds to allow for skew when checking NotBefore and NotOnOrAfter conditions in SAML Response. Used to adjust for differences in time between eRATEX server and IdP server. Should be small (less than 10 seconds). Defaults to 0 if left empty. |
| RATEX.AuthenticationService.SAML.TokenLifetime | Enter the number of seconds that the SAML authentication token should remain valid after a student authenticates. Enter 0 or leave this value blank to prevent token persistence, and the student will have to re-authenticate every time authentication is necessary. |

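
How a SkewSeconds value (the CAS setting with the Saml11 validator, and the SAML setting) changes the NotBefore / NotOnOrAfter check, as an added example that is not eRATEX code. The assertion fragment is constructed, the function names are hypothetical, and signature verification is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample: only the element that carries the validity window.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z"
                   NotOnOrAfter="2024-05-01T12:05:00Z"/>
</saml:Assertion>"""

def parse_instant(value):
    # SAML instants are UTC xs:dateTime values such as 2024-05-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validity_window(assertion_xml):
    # Match on the local name so SAML 1.1 and SAML 2.0 namespaces both work.
    for el in ET.fromstring(assertion_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "Conditions":
            return (parse_instant(el.attrib["NotBefore"]),
                    parse_instant(el.attrib["NotOnOrAfter"]))
    raise ValueError("assertion has no Conditions element")

def check_conditions(assertion_xml, now, skew_seconds=0):
    """Apply the skew to both ends of the window; `now` must be timezone-aware."""
    not_before, not_on_or_after = validity_window(assertion_xml)
    skew = timedelta(seconds=int(skew_seconds or 0))  # empty setting means 0
    if now < not_before - skew:
        return "rejected: not yet valid"
    if now >= not_on_or_after + skew:
        return "rejected: expired"
    return "accepted"
```

With a skew of 5, a server clock 4 seconds behind the IdP no longer rejects a fresh assertion, and an assertion 3 seconds past NotOnOrAfter is accepted as well, which is why the value should stay small.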
Single Sign-On (SSO) Settings

Note: These settings are for LDAP authentication only.

| Setting | Parameter Name | Description |
| --- | --- | --- |
| Enable SSO | RATEX.StudentAuthentication.SSO.Enabled | Single Sign On (SSO) is used for synchronizing the student's information from the university with their eRATEX customer account. This does not work with all Authentication Services, so contact support if you have questions. |
| Email Format | RATEX.StudentAuthentication.SSO.EmailFormat | Regular expression to match against the customer's email address at sign in to trigger student authentication. Set to blank to match all email addresses. For example, to match email addresses in only a specific domain, use `"@domain\.com$"` (no quotes). |
| Sync Password | RATEX.StudentAuthentication.SSO.SyncPassword | Enable this to synchronize the eRATEX customer account password with the student's university password. |
|  |  | The name of the attribute sent with the authentication response that contains the student's Email. This is required if students may be signing in with something other than an email address. This can be left blank if students will be using their university email address to sign in. |
|  |  | Regular expression to use to extract individual group names from the Group Membership attribute returned in the authentication response. Use a named grouping with the following syntax: `(?...)` For example, to extract the Common Name for a group from an LDAP-style distinguished name, you could use: `cn=(?[^,]*?)(?:,\|$)` |
| Student Group Names | RATEX.StudentAuthentication.SSO.StudentGroupNames | Comma-separated list of group names that indicate the authenticated user is a student. |
|  |  | Customer Level ID to assign to customers identified as being students. This must be an existing Customer Level, or set to 0 to not assign a specific customer level to students. |
|  |  | Enable this to clear the Customer Level of any customer that is successfully authenticated but is not detected as a student. If you are using Customer Levels for other authenticated customers, such as employees, you should disable this. |

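
A way to check an Email Format pattern and a group-name pattern against sample values before saving them, as an added example that is not eRATEX code. The group name `group`, the directory values and the function names are assumptions; Python writes a named group as `(?P<name>...)`, and the matching here is case-sensitive.

```python
import re

# Constructed sample settings. The page's example omits the name of the named
# group, so "group" below is a hypothetical name chosen for this sketch.
EMAIL_FORMAT = r"@domain\.com$"
GROUP_REGEX = r"cn=(?P<group>[^,]*?)(?:,|$)"
STUDENT_GROUP_NAMES = "Students,Grad Students"

def triggers_student_auth(email, email_format=EMAIL_FORMAT):
    # A blank format matches every address, as the setting describes.
    return not email_format or re.search(email_format, email) is not None

def extract_groups(membership_values, group_regex=GROUP_REGEX):
    # Collect the named group from every match in every attribute value.
    return [m.group("group")
            for value in membership_values
            for m in re.finditer(group_regex, value)]

def is_student(membership_values, student_group_names=STUDENT_GROUP_NAMES):
    # Compare extracted names with the comma-separated list, exact match only.
    wanted = {n.strip() for n in student_group_names.split(",") if n.strip()}
    return any(g in wanted for g in extract_groups(membership_values))

def review_email_format(email_format, should_match, should_not_match):
    """Return the sample addresses the pattern classifies the wrong way."""
    wrong = [a for a in should_match if not triggers_student_auth(a, email_format)]
    wrong += [a for a in should_not_match if triggers_student_auth(a, email_format)]
    return wrong
```

Running `review_email_format` with an address such as `jdoe@domainXcom` in the reject list shows why the dot must be escaped and the pattern anchored with `$`.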
Related SSO Parameters

| Parameter Name | Description |
| --- | --- |
| RATEX.StudentAuthentication.Enabled | Set to true to enable Student Authentication using the service selected in the RATEX.StudentAuthentication.ServiceName AppConfig |
| RATEX.StudentAuthentication.NetIDField | The name of the attribute sent with the authentication response that holds the student's Net ID that will be sent to VR with the order. This value is common to all authentication services. If specified, this must exactly match the name or friendly name of an attribute returned in the authentication response, and is case-sensitive. |
| RATEX.StudentAuthentication.ServiceName | Select the type of authentication service to use for Student Authentication. |