Configuring the DSS Web.config for RTA

Run-Time Authentication (RTA) is already installed by default and configured for Active Directory or LDAP authentication. However, to use these features, RTA must first be configured according the following steps.

The configuration options for RTA are located in the DSS Web.config file, which is stored in the DSS site folder.

Navigate to this file and open it in a text editor. Then find the runtimeAuthSettings element and make sure that enabled is set to “true”. Doing this enables the default Active Directory plug-in. The rest of the settings element looks as follows:

<!-- RuntimeAuth Settings -->
<runtimeAuthSettings enabled="true" allowedMediaStreamingInProtectedFolders="false"
auth_failureMessage="Authentication Failed. Invalid User Name or Password." auth_passwordFieldName="pass" 
auth_userFieldName="user" authenticationPageList="x191.xml" binaryDownloadPage=""
forbiddenFolders="settings" forbiddenFoldersResponsePage="x13.xml" homePage="x11.xml" 
loginHandlerPageMockup="login" loginPagePath="x192.xml" logoutHandlerPageMockup="logout" 
protectedBinaryFolders="documents/secured" redirectionQueryStringName="redir">
        <add name="ADAuthPlugin.dll" />

The following table lists the attributes you must configure:

Attribute Description
enabled Must be set to true. This attribute determines whether RTA is turned on.
allowMediaStreamingInProtectedFolders If set to true, this attribute enables publishing of streamable media resources in protected folders.
allowedRequestIPs A list of IP addresses that are allowed to request session data from the CMS. Used when securely integrating third-party applications with RTA.
auth_backgroundAuthentication If set to true, enables background athentication. This causes RTA to validate session details against external SSO locations.
auth_failureMessage The error message displayed to users whose credentials aren't successfully authenticated.
auth_passwordFieldName Configuration for the login form field name; defaults to password.
auth_userFieldName Configuration for the username form field name; defaults to username.
binaryDownloadPage An xID or URL that specifies the page to which users should be redirected when requesting to download a protected media item.
forbiddenFolders Defines website folders to which access is always forbidden, regardless of a user's authentication status. Typically includes the settings and StyleSheets directories.
forbiddenFoldersResponsePage The xID of URL of the pages to which users are directed when their credentials cannot be authenticated.
homepage The xID of the home page.
loginHandlerPageMockup The URL for logging in the user; if not specified, it uses the default login.ashx value.
authenticationPageList The xID of the page that contains a list of pages that require authentication.
loginPagePath The xID.xml of the login page that appears when a user attempts to access a protected page.
logoutHandlerPagemockup The URL for logging the user out; if not specified, it users the default logout.ashx value.
protectedBinaryFolders A list of website folders that require authentication for access. Folders defined here have their contents protected. Typically used to authenticate access to asset folders.
redirectionQueryStringName The name of the redirection query string.