Configuring the DSS Web.config for RTA
Run-Time Authentication (RTA) is already installed by default and configured for Active Directory or LDAP authentication. However, to use these features, RTA must first be configured according the following steps.
The configuration options for RTA are located in the DSS Web.config file, which is stored in the DSS site folder.
Navigate to this file and open it in a text editor. Then find the runtimeAuthSettings element and make sure that enabled is set to “true”. Doing this enables the default Active Directory plug-in. The rest of the settings element looks as follows:
<!-- RuntimeAuth Settings -->
<runtimeAuthSettings enabled="true" allowedMediaStreamingInProtectedFolders="false"
allowedRequestIPs=""
auth_backgroundAuthentication="false"
auth_failureMessage="Authentication Failed. Invalid User Name or Password." auth_passwordFieldName="pass"
auth_userFieldName="user" authenticationPageList="x191.xml" binaryDownloadPage=""
forbiddenFolders="settings" forbiddenFoldersResponsePage="x13.xml" homePage="x11.xml"
loginHandlerPageMockup="login" loginPagePath="x192.xml" logoutHandlerPageMockup="logout"
protectedBinaryFolders="documents/secured" redirectionQueryStringName="redir">
<plugin>
<add name="ADAuthPlugin.dll" />
</plugin>
</runtimeAuthSettings>The following table lists the attributes you must configure:
| Attribute | Description |
|---|---|
| enabled | Must be set to true. This attribute determines whether RTA is turned on. |
| allowMediaStreamingInProtectedFolders | If set to true, this attribute enables publishing of streamable media resources in protected folders. |
| allowedRequestIPs | A list of IP addresses that are allowed to request session data from the CMS. Used when securely integrating third-party applications with RTA. |
| auth_backgroundAuthentication | If set to true, enables background athentication. This causes RTA to validate session details against external SSO locations. |
| auth_failureMessage | The error message displayed to users whose credentials aren't successfully authenticated. |
| auth_passwordFieldName | Configuration for the login form field name; defaults to password. |
| auth_userFieldName | Configuration for the username form field name; defaults to username. |
| binaryDownloadPage | An xID or URL that specifies the page to which users should be redirected when requesting to download a protected media item. |
| forbiddenFolders | Defines website folders to which access is always forbidden, regardless of a user's authentication status. Typically includes the settings and StyleSheets directories. |
| forbiddenFoldersResponsePage | The xID of URL of the pages to which users are directed when their credentials cannot be authenticated. |
| homepage | The xID of the home page. |
| loginHandlerPageMockup | The URL for logging in the user; if not specified, it uses the default login.ashx value. |
| authenticationPageList | The xID of the page that contains a list of pages that require authentication. |
| loginPagePath | The xID.xml of the login page that appears when a user attempts to access a protected page. |
| logoutHandlerPagemockup | The URL for logging the user out; if not specified, it users the default logout.ashx value. |
| protectedBinaryFolders | A list of website folders that require authentication for access. Folders defined here have their contents protected. Typically used to authenticate access to asset folders. |
| redirectionQueryStringName | The name of the redirection query string. |