![]() When using the basic authentication mechanism, iTop relies on the web server to populate two PHP internal variables: PHP inside the Apache web server can be configured to run in two different modes: as a module or as a CGI. ![]() basic authentication), wget will get a response “401 unauthorized” from the web server, and will retry with the supplied credentials.īasic Authentication and Apache in CGI mode In the second case, wget will not send any credentials first, but telling iTop that the preferred way to authenticate is “basic” (i.e. In the first command line, wget will send automatically the credentials to the web server (using the Basic authentication mechanism) and iTop will detect their presence. Wget -no-check-certificate -http-user=admin -http-password=admin2 -O test.csv "" Wget -http-user= -http-password= -O test.csv -auth-no-challenge "" ![]() In this configuration is it also possible to have scripts retrieving data from iTop using a command line application like wget, with the following syntax: When using Excel, it is possible, by adding &login_mode=basic at the end of the link to the page used for the web query, to have Excel prompt the user for their login/password when the web query is launched for the first time. When using the application interactively, the end-user can log off the application using the “log off menu”. When connecting to the application, end-users will be prompted to enter their login/password using the usual iTop login form. iTop simply trusts the parameters passed by the web server.įor an instance of iTop in which the users are authenticated either by the local password (stored in the iTop database) or by an LDAP server, and using either their web browser (to navigate in the application) or Microsoft Excel to run some reports (as web queries), the following value can be put in the configuration file: ITop does not perform any authentication when an “external” user connects. Used when the authentication is performed by the web server itself before even accessing the iTop application. The password has to be written in clear text in the address of the page ! Needed if you want to run web queries in OpenOffice. Provides transparent single-sign-on with other CAS applications, for example a LifeRay portalĬompatible with any application. Use JA-SIG CAS APIs to connect to a CAS server for authentication Compatible with all applications supporting this protocol (e.g. ![]() Excel web queries)īasic HTTP authentication. Not designed for use by batch/scripts or when the web browser is “hidden” from the end-user (i.e. Provides also a logout/logoff functionality Currently iTop supports two types of internal authentications:įorm based logon, best suited for interactive logon. If the authentication is not “external”, then iTop will actively participate to this authentication. If the application uses “internal” authentication, then several types of authentication may coexist for the same installation (for example you can configure iTop to use the form based dialog and use a mix of LDAP and Internal users). ![]() When deploying iTop, you have to decide whether the application will use an external authentication mechanism or rely on the iTop internal mechanism. This is what happens if you install iTop under Apache in a directory protected with a. In this case the iTop application will just be passed the name of the authenticated user, once it has been validated by the web server. In the context of this document, “External authentication” means that the user authentication is performed completely outside of iTop (by the web server or some kind of web server add-on). Some part of the iTop behavior is defined at the web server level, however it is possible to mix the different authentication types on a per user basis.įor example if you already have an LDAP server for authenticating the end-users, it may be convenient to use this LDAP authentication for end-users and local passwords for functional logins (for automation processes and scripts). In order to seamlessly integrate with your environment, iTop can use several authentication mechanisms. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |