Authentication in the Ingeniux CMS

The Ingeniux CMS relies on one of several mechanisms to authenticate users:

  • Single Windows Domain: Utilizes a single Windows NT domain containing all users to provide authentication services to a CMS site. 
  • LDAP: Provides authentication services to a CMS site via a single non-Windows based LDAP service provider (e.g., Open LDAP) in which all users are contained in a single section of the directory structure. 
  • Multi-Provider: Utilizes several different authenticating bodies containing users to provide authentication services to a CMS site.
  • SAML: Provides Single Sign-On (SSO) authentication using the SAML protocol.
  • Raven DB: By default, the CMS provides a local authentication mechanism implemented through RavenDB, which is at the core of the CMS.

In each case, the Content Management Server (CMS) captures the user's credentials, passes them to the authenticating agent, and authorizes the user based on a successful authentication. The application requires that the user ID match the user ID in the authenticating database to authorize a particular user to work with content inside the CMS. In a Windows Domain environment, the domain\user account syntax must be used when creating users in the Users/Groups Manager.

For LDAP or a custom authentication mechanism, the user account syntax must match the syntax used with these methods.
A Dynamic Site Server relies on IIS with a Windows server to determine access to published content. Typically, this entails the use of anonymous access in conjunction with an account such as the IUSR.

Lastly, both servers can be configured in IIS to use the SSL protocol. The web-server application handles this level of security and doesn't impact the CMS as long as client requests can reach it.

For information on setting up authentication during the installation of a CMS site, see Creating a CMS Site Instance.