Authenticating Using Multiple Authentication Providers to Access Kaltura MediaSpace

Printer-friendly version

The following topics are described

Authenticating Using Multiple Authentication Providers (for Admin)

KMS provides support for the following types of authentication methods: LDAP, SAML, SSO Gateway, and Kaltura authentication. Until now, only one type of authentication method was supported, and combinations of the different types of authentication methods were not available. KMS is now able to support multiple types and combinations of authentication methods and allow users to login through different authentication methods. A common use case for example, is for organizations that do not have the user in the organization’s Active Directory or cannot be authenticated by the organization’s Identity Provider.  With this new feature, external users with local credentials may login with LDAP credentials, and internal users with SAML credentials. Read more about it in the updated Kaltura MediaSpace Setup Guide

This section pertains to enabling authentication providers when the enableMultiAuth field is set to Yes.

When configured, the user is presented with a choice of authentication methods (based on the authentication methods configured by the admin) in the login screen. The four default authentication methods are

  • LDAP Authentication – User authentication and credentials validation through direct access to the organizational LDAP or Active Directory server. 
  • SSO Gateway Authentication – A Kaltura generic gateway for integrating with a customer- specific login and authentication implementation, while providing the user with a Single Sign-On experience. 
  • Header Authentication – User is authenticated through a request in the organizational authentication system. The response includes the authenticated user ID in a specific HTTP header. 
  • Kaltura Authentication – User authentication and credentials managed by Kaltura. 
  • Custom Authentication Methods – For any other type of authentication method, custom adapters can be developed and added to the MediaSpace installation.

Multiple SAML instances may be configured, which can increase the total number of login options. For more information about SAML authentication, see the Kaltura MediaSpace SAML Integration Guide.

When setting multiple authentication providers, the authorization method must be the same as the authentication method, therefore, the authorization configurations that are displayed for single providers are hidden. The relevant fields for authorization are taken from the authentication configurations.

Enabling Configuration for Multiple Authentication Providers

To enable the multi authentication feature

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
  2. Select Yes in the enableMultiAuth field.
  3. Enter the Welcome message in the multiAuthWelcome field. This may be a text string in any language. (Default text: Welcome to MediaSpace).
  4. Enter the text to display on the login page in the multiAuthSelect field. This may be a text string in any language. (Default text: Please choose one of the login options below)
    The authMethods fields are displayed.  Each authMethod you choose has the relevant fields available for configuration.

  5. Click Add authMethods to add additional methods.

To Configure the Display for the Login Screen for Each authMethod

  1. Select an authentication method from the drop-down menu.
  2. Enter a friendlyName. if left empty the default is take from the authentication method name
  3. Enter helpText.
  4. Click Add authMethods to add more authentication methods.
  5. Continue configuring each section as in Selecting an Authentication Method.

Example of a Multi-Authentication Login Screen

Remember My Selection - will store the user’s login credentials for their following sessions.

If the user makes a mistake they will need to clear their browser’s cache. An alternate method to change the selection will be to use the following link to clear the login selection:  https://{your_KMS_URL _here}/user/clear-login-selection

End User Login Flow

Logging in to MediaSpace depends on your MediaSpace configuration. When you receive the MediaSpace URL to login into, there may be two options:

  • The site presents a login window to login into MediaSpace.
  • The MediaSpace site homepage is displayed with pre-configured content.

The different login displays depend on whether your site is configured to allow anonymous users to access your portal. There are some pages in MediaSpace that are reserved for authenticated users and the login window displayed depends on your administrator’s configuration.

To log into MediaSpace

  1. Select Login from the User drop-down menu.
  2. Enter your UserID and Password, in the MediaSpace SignIn window and click Sign in.

If your administrator configured your site to allow multiple authentication providers, the login prompt will display with several choices for you to login. If you are uncertain which option to use, use the tooltip for guidance.

 

Document type: 
Product version: 
(9675 reads)