| demoMode | Enable the demo login mode? After entering any user or password combination, the user has an admin role. |
| showLogin | Show login / logout menu on site header. |
phUser phPwd | user ID alternate field placeholder password alternate field placeholder |
| phLoginInstruction | login instructions |
enableMultiAuth | Enable Multi-Authentication Methods configuration. When set to Yes, the multiAuthWelcome and multiAuthselect Fields are displayed and a section for each authentication method you choose to configure. |
| multiAuthWelcome | Enter the welcome text to show on the login selection page. |
multiAuthSelect | Enter the text to show on login selection page. |
authMethods |
| method | Choose an authentication method from the drop-down menu. |
| friendlyName | Enter the text to show the user on the login selection page, leave empty to use default. |
| helpText | Enter the text to show when hovering over the question mark on the login selection page, leave empty to use default. |
| authSlug | Fill in the URL ending to allow a direct link for users to login via this auth method. The new URL will be https://<my_mediaspace_instance>.kaltura.com/auth/SLUG.
Note: Only alphanumeric characters are allowed. |
authNAdapter is displayed when enableMultiauth is set to NO> | What is the name of the PHP class for handling authentication? KalturaAuth enables the built-in User Management system (located at /admin/users). LdapAuth lets you use your organizational LDAP/AD server to authenticate users. To use your own custom class, click 'Add custom value' and enter the custom class name. |
authZAdapter is displayed when enableMultiauth is set to NO> | What is the name of the PHP class for handling authorization? Authorization determines the user's role. KalturaAuth enables the built-in User Management system (located at /admin/users). LdapAuth lets you use your organizational LDAP/AD server to determine roles. To use your own custom class, click 'Add custom value' and enter the custom class name. |
allowAnonymous | Can users access MediaSpace without logging in? If you select 'yes,' anonymousRole users can browse the galleries and view videos. For anonymousRole users, links/buttons for actions that require more advanced roles are displayed. When an anonymousRole user clicks a link/button that requires a more advanced role, a login screen is displayed. |
anonymousGreeting | What text should be used in the header instead of an actual user name? |
sessionLifetime | How long can a MediaSpace user session last? The value must be greater than 100 sec in sessionLifetime field. |
sslSettings | Select your option for a secure login page (via https). |
refreshDetailsOnLogin | Select 'Yes' to update the user's details on Kaltura upon login (recommended). |
refreshRoleOnLogin | Select 'Yes' to update the user's role on Kaltura upon login. Select 'No' to allow KMS admin to override the user's role through Kaltura user management. |
ldapServer |
host | What is the address of your LDAP Server? |
port | What is the port of your LDAP Server? |
protocol | What protocol does your LDAP server use? (ldap or ldaps) |
Protocolversion | What is the protocol version of your LDAP server? (V2 or V3) |
baseDn | What is the base DN of your LDAP server? |
bindMethod | Which mode of operation is used for authenticating with LDAP? 'Search before bind' means that the user's DN is discovered by searching the LDAP/ad server. Direct bind means that the user's DN is constructed automatically according to the format that you specify under userDnFormat (displayed below when you select Direct Bind) and no search is performed. |
directBind | |
userDnFormat | Enter the DN format of the username. Place the @@USERNAME@@ token where the username should be in the string. For example: 'cn=@@USERNAME@@,ou=somegroup,dc=example,dc=com') |
emailAttribute | What is the name of the attribute on the user record that contains the user ID? If you do not want to sync email with Kaltura, do not enter an emailAttribute. |
firstNameAttribute | What is the name of the attribute on the user record that contains the user's first name? If you do not want to sync the first name with Kaltura, do not enter a firstNameAttribute. |
lastNameAttribut | What is the name of the attribute on the user record that contains the user's last name? If you do not want to sync the last name with Kaltura, do not enter a lastNameAttribute. |
tlsCipherSuite | Advanced: control the value of LDAPTLS_CIPHER_SUITE environment variable. use with extra care! |
ldapOptions - Configure the LDAP options for group searches. |
groupSearch | |
byUser |
memberOfAttribute | Enter the memberOfattribute to use the memberof search filter to map groups to users. Note: The member of search filter is not enabled by default on all LDAP servers. |
userSearchQueryPattern | Enter the pattern for querying the LDAP server to find a user. The @@USERNAME@@ token will be replaced with the actual user name provided in the login window. |
primaryGroupIdAttribute | (Optional) Enter the attribute name for the primary group ID (usually primaryGroupId). Use this field only to authorize by primary group ID when you are using AD. |
groupsMatchingOrder | Enter the order in which to match MediaSpace roles to LDAP groups. For example, if a user belongs to a group that is mapped to the admin role, enter adminRole before other roles ('adminRole,viewerRole') to find the admin role first and log in the user with the adminRole. |
ldapGroups -Map your LDAP server groups to MediaSpace roles. The group value should be the value of the CN part - i.e. 'faculty', not 'CN=faculty' |
adminRole | Enter LDAP group names that match the MediaSpace adminRole. |
viewerRole | Enter LDAP group names that match the MediaSpace viewerRole. |
privateOnlyRole | Enter LDAP group names that match the MediaSpace privateOnlyRole. |
unmoderatedAdminRole | Enter LDAP group names that match the MediaSpace unmoderatedAdminRole. |
matchByPrimaryGroupId | |
sso |
secret | Enter a custom secret, or enter 'default' to use the Kaltura Admin Secret associated with your Kaltura account. |
loginUrl | What is the URL for the SSO gateway login page? Note: The 'ref' parameter is added automatically. |
logoutUrl
| What is the URL to which a user is redirected after logging out of MediaSpace? Usually, you enter your organization's login page.
|
hashAlgorithm | Choose the hash algorithm used to generate the session key - either SHA1 or SHA256. |
headerAuth - To configure KMS login through Header Authentication fill in the relevant fields in this section. |
headerName | Set the name of the HTTP header that contains the user ID of the authenticated user. |
logoutURL | If 'allowAnonymous' value is set to 'No', you can specify a URL (instead of an 'unauthorized' page) to which the user is redirected when logged out. |
forgotPassword |
link | The 'link' options are: [1] Empty the value if you do not want a 'Forgot Password' link to be displayed. [2] Enter an email address preceded by 'mailto:' (without quotes). The user's local email client opens an email with the subject and body populated with the texts defined in the 'emailSubject' and 'emailBody' fields. [3] Enter a URL for a page that you define (for example, a mechanism for reminding users of their login credentials). Note: Do not enter 'true.' |
emailSubject | If you enter an email address in the 'link' field, enter the text to populate the subject field of the email. If you do not want to populate the subject field, enter an empty string (' '). |
emailBody | If you enter an email address in the 'link' field, enter the text to populate the body of the email. If you do not want to populate the body, enter an empty string (' '). For KalturaAuth's User Management send new password feature: (If authClass is set to KalturaAuth, MediaSpace exposes a user management system. This system's admin can click on a user's email to open the admin's local email client to email the new password to the user.) |
reminderSubject | Enter the text to populate the subject field of the 'new password' email. If you do not want to populate the subject field, enter an empty string (' '). |
reminderBody | Enter the text to populate the body of the 'new password' email. The password will be inserted automatically at the end of the body text. If you do not want to populate the body, enter an empty string (' '). |
