Authenticating Using Multiple Authentication Providers to Access Kaltura MediaSpace

Authenticating Using Multiple Authentication Providers

KMS provides support for the following types of authentication methods: LDAP, SAML, SSO Gateway, and Kaltura authentication. Until now, only one type of authentication method was supported, and combinations of the different types of authentication methods were not available. KMS is now able to support multiple types and combinations of authentication methods and allow users to login through different authentication methods. A common use case for example, is for organizations that do not have the user in the organization’s Active Directory or cannot be authenticated by the organization’s Identity Provider.  With this feature, external users with local credentials may login with LDAP credentials, and internal users with SAML credentials. 

This section pertains to enabling authentication providers when the enableMultiAuth field in the Auth module is set to Yes.

When configured, the user is presented with a choice of authentication methods (based on the authentication methods configured by the admin) in the login screen. The four default authentication methods are

  • LDAP Authentication – User authentication and credentials validation through direct access to the organizational LDAP or Active Directory server. 
  • SSO Gateway Authentication – A Kaltura generic gateway for integrating with a customer- specific login and authentication implementation, while providing the user with a Single Sign-On experience. 
  • Header Authentication – User is authenticated through a request in the organizational authentication system. The response includes the authenticated user ID in a specific HTTP header. 
  • Kaltura Authentication – User authentication and credentials managed by Kaltura. 
  • Custom Authentication Methods – For any other type of authentication method, custom adapters can be developed and added to the MediaSpace installation.

Multiple SAML instances may be configured, which can increase the total number of login options. For more information about SAML authentication, see the Kaltura MediaSpace SAML Integration Guide.

Authorization Methods When Using Multiple Authentication Providers

When setting multiple authentication providers, the authorization method must be the same as the authentication method, therefore, the authorization configurations that are displayed for single providers are hidden. The relevant fields for authorization are taken from the authentication configurations.

Enabling Configuration for Multiple Authentication Providers

To enable the multi authentication feature
  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth module.
  2. Select Yes in the enableMultiAuth field.
  3. Enter the Welcome message in the multiAuthWelcome field. This may be a text string in any language. (Default text: Welcome to MediaSpace).
  4. Enter the text to display on the login page in the multiAuthSelect field. This may be a text string in any language. (Default text: Please choose one of the login options below)
    The authMethods fields are displayed.  Each authMethod you choose has the relevant fields available for configuration.
  5. Fill in the authSlug  field to create a direct link for users to login via a selected authentication method. The new URL is https://{your_KMS_URL _here}/SLUG.
    Note: Only alphanumeric characters are allowed.
    After a user is logged in, the authentication method is not saved.  When accessing the multi-authentication login page again, the user is presented with the entire list of authentication options, with the check box to save the selection. After saving the selected authentication method, the admin page displays the full path for the login.
  6. Click Add authMethods to add additional methods.

Configure the Display for the Login Screen for Each authMethod

To Configure the Display for the Login Screen for Each authMethod

  1. Select an authentication method from the drop-down menu.
  2. Enter a friendlyName. If left empty the default is take from the authentication method name
  3. Enter helpText.
  4. Click Add authMethods to add more authentication methods.
  5. Continue configuring an additional section for the authMethods you want to use..

Example of a Multi-Authentication Login Screen

Remember My Selection - stores the user’s login credentials for their following sessions.

If the user makes a mistake they will need to clear their browser’s cache. An alternate method to change the selection is to use the following link to clear the login selection:  https://{your_KMS_URL _here}/user/clear-login-selection. See Log Into MediaSpace for Authenticated Users for the end user flow.

In This Article
Was this article helpful?
Thank you for your feedback!