Configuring DSS Web.config for Run-Time Authentication (RTA)

Run-Time Authentication (RTA) is installed by default and configured for Active Directory (AD) or LDAP authentication. To use these features, first configure RTA according to the following steps.

To configure DSS Web.config:

  1. Navigate to your DSS root directory (e.g., [Drive]:[path-to-DSS-root-folder]).
  2. Open Web.config in a text editor.
  3. Find the runtimeAuthSettings element, and set the enabled attribute to true. This enables the default AD plug-in.
  4. Verify that the runtimeAuthSettings element within your Web.config is comparable to the following:
    <!-- RuntimeAuth Settings -->
    <runtimeAuthSettings enabled="false" allowMediaStreamingInProtectedFolders="false"
        allowedRequestIPs="" auth_backgroundAuthentication="false"
        auth_failureMessage="Authentication Failed. Invalid User Name or Password."
        auth_passwordFieldName="pass" auth_userFieldName="user" authenticationPageList="x191.xml"
        binaryDownloadPage="" forbiddenFolders="settings" forbiddenFoldersResponsePage="x13.xml"
        homePage="x11.xml" loginHandlerPageMockup="login" loginPagePath="x192.xml"
        logoutHandlerPageMockup="logout" protectedBinaryFolders="documents/secured"
            <add name="ADAuthPlugin.dll"/>

    Note: Both AD and LDAP rely on the ADAuthPlugin.dll.

  5. Optional: You can configure the following attributes in the runtimeAuthSettings element:
    | Attribute | Description |
    | --- | --- |
    | enabled | Must be set to true. Determines if RTA is turned on. |
    | allowMediaStreamingInProtectedFolders | If set to true, enables the publishing of streaming media resources in protected folders. |
    | allowedRequestIPs | The list of IP addresses allowed to request session data from the CMS. Use this when securely integrating third-party applications with RTA. |
    | auth_backgroundAuthentication | If set to true, enables background authentication and causes RTA to validate session details against external SSO (single sign-on) locations. |
    | auth_failureMessage | The error message displayed to users whose credentials cannot be authenticated. |
    | auth_passwordFieldName | The name of the password field in the login form. If unspecified, uses the default password value. |
    | auth_userFieldName | The name of the username field in the login form. If unspecified, uses the default username value. |
    | binaryDownloadPage | The xID or URL that specifies the page to which users should be redirected when requesting to download a protected media item. |
    | forbiddenFolders | The website folders to which access is always forbidden, regardless of the user's authentication status. Typically includes the settings and StyleSheets directories. |
    | forbiddenFoldersResponsePage | The xID or URL of the pages to which users are directed when their credentials cannot be authenticated. |
    | homePage | The xID of the home page. |
    | loginHandlerPageMockup | The URL for logging in users. If unspecified, uses the default login.ashx value. |
    | authenticationPageList | The xID that contains the list of pages that require authentication. |
    | loginPagePath | The xID.xml of the login page that displays when users attempt to access protected pages. |
    | logoutHandlerPageMockup | The URL for logging out users. If unspecified, uses the default logout.ashx value. |
    | protectedBinaryFolders | The list of website folders that require authentication for access. Defined folders have their contents protected. Typically, use this to authenticate access to asset folders. |
    | redirectionQueryStringName | The name of the redirection query string. |
  6. Save and close Web.config.
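
One way to check the saved file against the steps above. This is an added example, not code from the product or its vendor. The function names, the comma/semicolon list separator, and the position of runtimeAuthSettings directly under configuration in the constructed sample are assumptions.

```powershell
# Added example: audit the runtimeAuthSettings attributes described on this page.
function Test-RtaConfig {
    param([Parameter(Mandatory)][xml]$Config)
    function New-Finding($Attribute, $Status, $Detail) {
        [pscustomobject]@{ Attribute = $Attribute; Status = $Status; Detail = $Detail }
    }
    # local-name() keeps the lookup working if the file declares a default namespace.
    $rta = $Config.SelectSingleNode('//*[local-name()="runtimeAuthSettings"]')
    if ($null -eq $rta) { return New-Finding 'runtimeAuthSettings' 'FAIL' 'element not found' }

    # Step 3: RTA is only turned on when enabled="true".
    if ($rta.GetAttribute('enabled') -eq 'true') {
        New-Finding 'enabled' 'OK' 'RTA is turned on'
    } else {
        New-Finding 'enabled' 'FAIL' 'RTA is turned off'
    }
    # Assumption: list-valued attributes are separated by commas or semicolons.
    $forbidden = @($rta.GetAttribute('forbiddenFolders') -split '[,;]' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($folder in 'settings', 'StyleSheets') {
        if ($forbidden -contains $folder) {
            New-Finding 'forbiddenFolders' 'OK' "$folder is always forbidden"
        } else {
            New-Finding 'forbiddenFolders' 'WARN' "$folder is not listed"
        }
    }
    # Attributes that define what is protected and where users log in.
    foreach ($name in 'protectedBinaryFolders', 'authenticationPageList', 'loginPagePath') {
        if ([string]::IsNullOrWhiteSpace($rta.GetAttribute($name))) {
            New-Finding $name 'WARN' 'empty or missing'
        } else {
            New-Finding $name 'OK' $rta.GetAttribute($name)
        }
    }
    # allowedRequestIPs decides who may request session data; surface it for review.
    $ips = $rta.GetAttribute('allowedRequestIPs')
    if ($ips) { New-Finding 'allowedRequestIPs' 'REVIEW' "listed: $ips" }
    else { New-Finding 'allowedRequestIPs' 'OK' 'no addresses listed' }
}

# Constructed sample: values taken from the listing above, with enabled set to true.
[xml]$sample = @'
<configuration>
  <runtimeAuthSettings enabled="true" allowedRequestIPs=""
      authenticationPageList="x191.xml" forbiddenFolders="settings"
      loginPagePath="x192.xml" protectedBinaryFolders="documents/secured" />
</configuration>
'@
Test-RtaConfig -Config $sample | Format-Table -AutoSize
```

To audit a live site, pass `[xml](Get-Content -Raw <path-to-Web.config>)` as `-Config`.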

Next Steps: Set up page types for RTA.