Auth

Field

Description

demoMode

Enable the demo login mode? After entering any user or password combination, the user has an admin role

showLogin

Show login / logout menu on site header.

phUser

phPwd

user ID alternate field placeholder

password alternate field placeholder

phLoginInstruction

login instructions

enableMultiAuth

Enable Multi-Authentication Methods configuration. When set to Yes, the multiAuthWelcome  and multiAuthselect Fields are displayed and  a section for each authentication method you choose to configure.

multiAuthWelcome

Enter the welcome text to show on the  login selection page.

multiAuthSelect

Enter the text to show on login selection page.

authMethods

 

method

Choose an authentication methods from the drop-down menu.

friendlyName

Enter the text to show the user on the login selection page, leave empty to use default .

helpText

Enter the text to show when hovering over the question mark on the login selection page, leave empty to use default

authSlug
Fill in the URL ending to allow a direct link for users to login via this auth method. The new URL will be https://<my_mediaspace_instance>.kaltura.com/auth/SLUG.
Note: Only alphanumeric characters are allowed.

authNAdapter  is displayed when enableMultiauth is set to NO>

What is the name of the PHP class for handling authentication? KalturaAuth enables the built-in User Management system (located at /admin/users). LdapAuth lets you use your organizational LDAP/AD server to authenticate users. To use your own custom class, click 'Add custom value' and enter the custom class name.

authZAdapter is displayed when enableMultiauth is set to NO>

What is the name of the PHP class for handling authorization? Authorization determines the user's role. KalturaAuth enables the built-in User Management system (located at /admin/users). LdapAuth lets you use your organizational LDAP/AD server to determine roles. To use your own custom class, click 'Add custom value' and enter the custom class name.

allowAnonymous

Can users access MediaSpace without logging in? If you select 'yes,' anonymousRole users can browse the galleries and view videos. For anonymousRole users, links/buttons for actions that require more advanced roles are displayed. When an anonymousRole user clicks a link/button that requires a more advanced role, a login screen is displayed.

anonymousGreeting

What text should be used in the header instead of an actual user name?

sessionLifetime

How long can a MediaSpace user session last? The value must be greater than 100 sec in sessionLifetime field.

sslSettings

Select your option for a secure login page (via https).

refreshDetailsOnLogin

Select 'Yes' to update the user's details on Kaltura upon login (recommended).

refreshRoleOnLogin

Select 'Yes' to update the user's role on Kaltura upon login. Select 'No' to allow KMS admin to override the user's role through Kaltura user management.

ldapServer

host

What is the address of your LDAP Server?

port

What is the port of your LDAP Server?

protocol

What protocol does your LDAP server use? (ldap or ldaps)

Protocolversion

What is the protocol version of your LDAP server? (V2 or V3)

baseDn

What is the base DN of your LDAP server?

bindMethod

Which mode of operation is used for authenticating with LDAP? 'Search before bind' means that the user's DN is discovered by searching the LDAP/ad server. Direct bind means that the user's DN is constructed automatically according to the format that you specify under userDnFormat (displayed below when you select Direct Bind) and no search is performed.

directBind

 

userDnFormat

Enter the DN format of the username. Place the @@USERNAME@@ token where the username should be in the string. For example: 'cn=@@USERNAME@@,ou=somegroup,dc=example,dc=com')

emailAttribute

What is the name of the attribute on the user record that contains the user ID? If you do not want to sync email with Kaltura, do not enter an emailAttribute.

firstNameAttribute

What is the name of the attribute on the user record that contains the user's first name? If you do not want to sync the first name with Kaltura, do not enter a firstNameAttribute.

lastNameAttribut

What is the name of the attribute on the user record that contains the user's last name? If you do not want to sync the last name with Kaltura, do not enter a lastNameAttribute.

tlsCipherSuite

Advanced: control the value of LDAPTLS_CIPHER_SUITE environment variable. use with extra care!

ldapOptions - Configure the LDAP options for group searches.

groupSearch

 

byUser

memberOfAttribute

Enter the memberOfattribute to use the memberof search filter to map groups to users. Note: The memberof search filter is not enabled by default on all LDAP servers.

userSearchQueryPattern

Enter the pattern for querying the LDAP server to find a user. The @@USERNAME@@ token will be replaced with the actual user name provided in the login window.

primaryGroupIdAttribute

(Optional) Enter the attribute name for the primary group ID (usually primaryGroupId). Use this field only to authorize by primary group ID when you are using AD.

groupsMatchingOrder

Enter the order in which to match MediaSpace roles to LDAP groups. For example, if a user belongs to a group that is mapped to the admin role, enter adminRole before other roles ('adminRole,viewerRole') to find the admin role first and log in the user with the adminRole.

ldapGroups -Map your LDAP server groups to MediaSpace roles. The group value should be the value of the CN part - i.e. 'faculty', not 'CN=faculty'

adminRole

Enter LDAP group names that match the MediaSpace adminRole.

viewerRole

Enter LDAP group names that match the MediaSpace viewerRole.

privateOnlyRole

Enter LDAP group names that match the MediaSpace privateOnlyRole.

unmoderatedAdminRole

Enter LDAP group names that match the MediaSpace unmoderatedAdminRole.

matchByPrimaryGroupId

 

sso

secret

Enter a custom secret, or enter 'default' to use the Kaltura Admin Secret associated with your Kaltura account.

loginUrl

What is the URL for the SSO gateway login page? Note: The 'ref' parameter is added automatically.

logoutUrl
What is the URL to which a user is redirected after logging out of MediaSpace? Usually, you enter your organization's login page.

hashAlgorithm

Choose the hash algorithm used to generate the session key - either SHA1 or SHA256.

headerAuth - To configure KMS login through Header Authentication fill in the relevant fields in this section.

headerName

Set the name of the HTTP header that contains the user ID of the authenticated user.

logoutURL

If 'allowAnonymous' value is set to 'No', you can specify a URL (instead of an 'unauthorized' page) to which the user is redirected when logged out.

forgotPassword

link

The 'link' options are: [1] Empty the value if you do not want a 'Forgot Password' link to be displayed. [2] Enter an email address preceded by 'mailto:' (without quotes). The user's local email client opens an email with the subject and body populated with the texts defined in the 'emailSubject' and 'emailBody' fields. [3] Enter a URL for a page that you define (for example, a mechanism for reminding users of their login credentials). Note: Do not enter 'true.'

emailSubject

If you enter an email address in the 'link' field, enter the text to populate the subject field of the email. If you do not want to populate the subject field, enter an empty string (' ').

emailBody

If you enter an email address in the 'link' field, enter the text to populate the body of the email. If you do not want to populate the body, enter an empty string (' '). For KalturaAuth's User Management send new password feature: (If authClass is set to KalturaAuth, MediaSpace exposes a user management system. This system's admin can click on a user's email to open the admin's local email client to email the new password to the user.)

reminderSubject

Enter the text to populate the subject field of the 'new password' email. If you do not want to populate the subject field, enter an empty string (' ').

reminderBody

Enter the text to populate the body of the 'new password' email. The password will be inserted automatically at the end of the body text. If you do not want to populate the body, enter an empty string (' ').

In This Article
Was this article helpful?
Thank you for your feedback!