Messages, emails and actions

Winauth (version 8.5+)

WARNING: This plugin should only be enabled and configured by system administrators as it affects how users log in to ResourceSpace.

This plugin allows users to log on to ResourceSpace using their Windows credentials on a compatible web server with Windows Integrated Authentication enabled.

Important information

  • This plugin will not automatically create users in ResourceSpace. You must precreate users in ResourceSpace and assign them to the required groups

  • This is intended for use on a Windows server running IIS. Whilst it is possible to get this to work with other web servers you will need to do a lot of configuration.

  • The username must match the Windows login name (samAccountName) of the user. If you want to allow the user MYCORP\rsuser to log in you will need to create an account with the username 'rsuser'

  • If you have multiple domains and you believe that the same username may be used in more than one domain by different users you should not use this plugin as this is not currently supported. We recommend using the simplesaml or simpleldap plugins.

Setup

Enable Integrated Authentication

You need to disable Anonymous access for the 'plugins/winauth/pages/secure' and enable Integrated Authentication for the same folder. You may wish to enable Integrated Authentication for the whole ResourceSpace site, however this is not required.

Assuming you are using IIS you can do this by following these steps:-

  1. Open IIS Manager
  2. Expand� � � ->� Sites ->�
  3. Navigate to the plugins/winauth/pages folder and select the 'secure' folder below this
  4. Click on the 'Authentication' icon in the right-hand panel
  5. Disable 'Anonymous authentication'
  6. Enable 'Windows Authentication'
  7. Restart IIS

Plugin Configuration

The plugin options page requires the following information to be provided:-

Enable Windows authentication

Enable or disable the plugin
List of permitted Windows domains. Please enter a list of domains that you want to enable logins from (comma separated). Use short names e.g.MYCORP.

Prefer standard ResourceSpace logins.

If this is set to 'true' then users will be redirected to the login page by default where there will be the option to use Windows Authentication.

If 'false' then users will be logged in automatically should they access any page other than the login page itself.