Authentication
Authentication
Use the Configure | Settings menu to define the authentication method to be used by ART.
Internal Authentication
Internal authentication authenticates users with a username and password combination defined and stored within ART. Users can change their passwords using the Password menu located under their username on the far right of the menu bar.
You can explicitly specify to login using internal authentication using a url like art/login?authenticationMethod=internal
Windows Domain Authentication
If the users are in a windows domain environment, you can have them log in to ART using the usernames and passwords they use to log in to windows.
Do the following to configure ART to use windows domain authentication.
- In the Settings page, set the Default Authentication Method to Windows Domain
-
Set the Windows Domain Controller field to the domain controller machine name (IP address should also work). You can do the following to get the domain controller machine name.
ping <domain name> (This will get the ip address of the domain controller) ping -a <ip address of domain controller> (This will get the hostname of the domain controller) -
Set the Allowed Windows Domains field to the windows domain name
For each user who requires access to ART, you will also need to create a user within ART with the same username as their windows login username and grant them appropriate access to reports. The users can now log in to ART using their windows username and password.
You can explicitly specify to login using windows domain authentication using a url like art/login?authenticationMethod=windowsDomain
LDAP Authentication
Do the following to configure ART to use LDAP authentication.
- In the Settings page, set the Default Authentication Method to LDAP
- Provide values for the LDAP fields. If you fill the ldap server and port fields, leave the url field blank. If you use the url field, leave the server and port fields blank.
For each user who requires access to ART, you will also need to create a user within ART with the same username as their uid (or samAccountName for Active Directory). The users can now log in to ART using their ldap uid and password.
You can explicitly specify to login using ldap authentication using a url like art/login?authenticationMethod=ldap
Database Authentication
Database logins can also be used to access ART. Do the following to use the database authentication that comes with ART.
- Have or create database users on any database. The users need to be able to connect to the database but don't need to have any other rights on the database
- In the Settings page, set the Default Authentication Method to Database
- Fill the Database Authentication JDBC fields. The JDBC driver for the database will need to be available in the ART_HOME\WEB-INF\lib directory or TOMCAT_HOME\lib directory if using Apache Tomcat.
For each user who requires access to ART, you will also need to create a user within ART with the same username as their database login username. The users can now log in to ART using their database username and password.
You can explicitly specify to login using database authentication using a url like art/login?authenticationMethod=database
CAS Authentication
ART can use an existing CAS server to do the authentication of users. To use CAS authentication, take the following steps
- Ensure the CAS server is running
- Start ART with Internal authentication configured
- Ensure the CAS users are also created within ART. The password within ART is not important as CAS will be doing the authentication.
- In the Settings page, change the Default Authentication Method to CAS
- Enter the CAS Logout URL e.g.
https://cas-server:8443/cas/logoutto enable users to log out of CAS, and thereby log out of all applications that use CAS. - Log out of ART
- Stop ART
- Edit ART's web.xml file and uncomment the items in the CAS configuration section, providing appropriate urls for the CAS and ART applications.
- Start ART again
- You should be redirected to the CAS login page where you will provide appropriate credentials, after which you will be redirected back to ART
For each user who requires access to ART, you will also need to create a user within ART with the same username as their CAS login username.
You can explicitly specify to login using cas authentication using a url like art/login?authenticationMethod=cas
HTTP Header Authentication
ART can have authentication done by another system and receive an authenticated via a http header. Do the following to use http header authentication.
- Change the allowHttpHeaderAuthentication setting in \WEB-INF\art-custom-settings.json to true
- In the Settings page, change the Default Authentication Method to HTTP Header
- Set the HTTP Authentication Variable field to the name of the http header that will be used to pass the authenticated username
For each user who requires access to ART, you will also need to create a user within ART with the same username as will be passed in the http header.
You can explicitly specify to login using cas authentication using a url like art/login?authenticationMethod=httpHeader
OAuth Authentication
ART can authenticate users using an external OAuth 2.0 provider/server. Do the following to use oauth authentication.
- In the oauth provider, create and configure an application that will allow your ART instance to authenticate users using the provider. See the oauth notes in the Settings section for the URLs to set.
- In the Settings page, change the Default Authentication Method to OAuth
- Set the OAuth fields and any other oauth JSON options in the Settings page or in the \WEB-INF\art-custom-settings.json file
For each user who requires access to ART, you will also need to create a user within ART with the same username as that in the oauth provider.
You can explicitly specify to login using cas authentication using a url like art/login?authenticationMethod=oauth
