Kaltura MediaSpace (KMS) provides support for the following types of authentication methods: LDAP, SAML, SSO Gateway, and Kaltura authentication as described in Authentication Methods.
KMS supports multiple types and combinations of authentication methods and allows users to login through different authentication methods. A common use case for example, is for organizations that do not have the user in the organization’s Active Directory or cannot be authenticated by the organization’s Identity Provider. With this feature, external users with local credentials may login with LDAP credentials, and internal users with SAML credentials. Read more about it in the new Kaltura MediaSpace Setup Guide.
When configured ,the user is presented with a choice of authentication methods (based on the authentication methods configured by the admin) in the login screen. The four default authentication methods are:
LDAP Authentication – User authentication and credentials validation through direct access to the organizational LDAP or Active Directory server. •
SSO Gateway Authentication – A Kaltura generic gateway for integrating with a customer- specific login and authentication implementation, while providing the user with a Single Sign-On experience. •
Header Authentication – User is authenticated through a request in the organizational authentication system. The response includes the authenticated user ID in a specific HTTP header. •
Kaltura Authentication – User authentication and credentials managed by Kaltura. •
Custom Authentication Methods – For any other type of authentication method, custom adapters can be developed and added to the MediaSpace installation.
Multiple SAML instances may be configured, which can increase the total number of login options. For more information about SAML authentication, see the Kaltura MediaSpace SAML Integration Guide.
When setting multiple authentication providers, the authorization method must be the same as the authentication method, therefore, the authorization configurations that are displayed for single providers are hidden. The relevant fields for authorization are taken from the authentication configurations.