Auto Login

[email protected] · Post by **[email protected]** » Tue Aug 05, 2008 3:21 pm

Is there a way to automate AwareIM so that my users don't need to login, but instead the system will use Active Directory to authenticate them? I think the only issue with this is that the Busines Space name would need to be included.

So, for example. Let's assume I create a ASP page that has the explicit URLS. Once the user clicks on the link I would like to see the application open without the user entering their credentials. Authentication would occur behind the scenes.

jclark58 · Post by **jclark58** » Wed Aug 06, 2008 1:38 am

Yep Me Too!

aware_support · Post by **aware_support** » Wed Aug 06, 2008 1:39 am

Yes, this is possible - you just need to provide user name and password as parameters of the login URL, for example:

http://localhost:8080/AwareIM/logonOp.do?... &userName=blah&password=blah...

I don't remember the correct URL off the top of my head, but it should be provided in the User Guide

jclark58 · Post by **jclark58** » Wed Aug 06, 2008 1:53 am

Thanks Support I have used that - but it requires manual setup fior each user and wont survive a change when that user changes their password.

What I think is being referred to is a mechanism that uses the concept of a trusted login or single signon. If the user has successfully logged in on one system then the act of opening the new system eg AwareIM app, then this application uses the stored login name and goes to a login server such as Active Directory and gets the password from there. Thus the user is automatically logged into the AwareIM app without a login prompt or password.

This sort of mechanism is common across many systems in the corporate environment and is becomming expected by users.

jclark58 · Post by **jclark58** » Wed Aug 06, 2008 1:59 am

PS The current method also has the disadvantage that a login name AND password must be sent in clear text across the network or Internet - which I dont believe is very good.

aware_support · Post by **aware_support** » Wed Aug 06, 2008 2:02 am

Aware IM does not support single sign-on yet, but this URL can be used as a workaround for those who can write a small piece of code that would extract the relevant credentials from whatever system they want and pass it to Aware IM.

I forgot to mention that if a user is registered in LDAP (supported by the Active Directory as well) then Aware IM will go into LDAP for the user credentials (the user needs to be setup as LDAP user in Aware IM) - this is slightly off topic, but may be relevant to some people.

jclark58 · Post by **jclark58** » Wed Aug 06, 2008 2:14 am

Thanks I'll check the LDAP option out now.

aware_support · Post by **aware_support** » Wed Aug 06, 2008 2:32 am

LDAP support is a separate option - you may not have it

jclark58 · Post by **jclark58** » Wed Aug 06, 2008 2:47 am

Yep thats right I remember now. Pity

RocketRod · Post by **RocketRod** » Wed Aug 06, 2008 5:52 am

If you use LDAP, does not the access level also come from there, so therefore a user cannot have different access levels for different applications? Should the username and password not be matched against the staff BO and the access level obtained from there for each app. Or am I missing something?

aware_support · Post by **aware_support** » Thu Aug 07, 2008 12:41 am

When you define an object which is a member of SystemUsers group and which is persisted in LDAP, Aware IM pops up a dialog which lets you choose which attribute in LDAP will be responsible for holding the value of the access level. Aware IM will then take the access level value from that attribute. This will be, of course, within the context of the business space where you are defining the LDAP-persisted object.

I am not sure what you mean here by "different applications". If you mean different Aware IM business spaces, then there is no problem, because you will configure different LDAP objects for different business spaces.

If you mean the same Aware IM application running in a different business context, then you can solve the problem at the configuration level - for example, define a business rule that will attach a particular value for access level based on the business requirements of your application. You would still need to define an attribute in LDAP to hold this value, but this attribute conceptually will not "come from" LDAP, but rather be written there by your business rules.

Sergej · Post by **Sergej** » Sat Dec 24, 2011 9:48 am

Our clients and partners who have remote access to aware app are very unhappy that they have to enter login and password each time, I understand it cause most of modern online apps have a feature "Remember Me" that allows to enter login/password only once so that in future when you enter app you will be already logged in.

Is it technically possible in awareim, can it be done by making timeout session a larger value or by writing a plugin?

Or is it possible to make a plugin that will allow pressing one button in app that will add to browsers bookmarks url http://localhost:8080/AwareIM/logonOp.do?... &userName=blah&password=blah... with login/password of corresponding user.

aware_support · Post by **aware_support** » Tue Dec 27, 2011 10:57 pm

You don't need a plug-in to add a bookmark with a particular user name and password - all you need to do is modify a standard Aware IM logon page (logon.html) to add Javascript that would do exactly that when a user presses some button

pbrad · Post by **pbrad** » Wed Dec 28, 2011 12:48 pm

http://www.sivamdesign.com/scripts/dwld/memCheck.html

Sergej · Post by **Sergej** » Thu Dec 29, 2011 8:26 am

pbrad wrote:http://www.sivamdesign.com/scripts/dwld/memCheck.html

Have you already modified aware login form to work like script above or its just example?