Authentication System

Authentication refers to verifying the validity of a connection target.
In Garoon, authentication is performed at the time of logging in and after logging in.

Login Authentication

Authentication performed at the time of logging in to Garoon is called login authentication.
The authentication types available for login authentication are as follows.

Authentication Type Description
Standard Authentication Authenticate using Garoon authentication information. The authentication results are saved in Cookie1.
Environment Variable Authentication Authenticate using information set for environment variables. This authentication method is used for many single sign-on products.
If you want to set up single sign-on with third-party products, contact the Cybozu official partner.
You can find our partners by searching Cybozu Partner Network.

1: Cookies issued by Garoon have the following attributes.

  • Http-only attribute:
    Prevent the tampering of cookies through script (e.g., JavaScript) from client computers.
  • Secure attribute:
    Issue cookies only when HTTPS is used for communications.

Session Authentication

After logging in to Garoon, whenever users perform various actions, session authentication is performed.
The authentication types available for session authentication are as follows.

Authentication Type Description
Standard Authentication Authenticate using Garoon authentication information. The authentication results are saved in Cookie1.
Environment Variable Authentication Authenticate using information set for environment variables. This authentication method is used for many single sign-on products.
If you want to set up single sign-on with third-party products, contact the Cybozu official partner.
You can find our partners by searching Cybozu Partner Network.
Cybozu Common Authentication Garoon can share authentication information with other Cybozu products. The authentication results are saved in Cookie1.
Open Integrated Authentication ver.2 Garoon can share authentication information with other Cybozu products and third-party products. The authentication results are saved in Cookie1.
For the following items, set identical values as those of the product being connected.
  • Cookie name
  • Integrated authentication password
  • Integrated authentication password (for confirmation)
  • Publishing domains
Open Integrated Authentication ver.1 Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.
Garoon can share authentication information with third-party products. The authentication results are saved in Cookie1.
As a security measure, we recommend that you specify only the required range of Cookie issuance paths, which are set in the Open Integrated Authentication ver.1.
For the following items, set identical values as those of the product being connected.
  • Integrated authentication password
  • Integrated authentication password (for confirmation)
  • Cookie issuing domain
  • Cookie issuance path

1: Cookies issued by Garoon have the following attributes.

  • Http-only attribute:
    Prevent the tampering of cookies through script (e.g., JavaScript) from client computers.
  • Secure attribute:
    Issue cookies only when HTTPS is used for communications.

Authentication Database

Set which database to use when performing login authentication or session authentication.
You can switch which authentication information to refer to, depending on the authentication type.

The following two types of databases can be used for authentication.

  • Standard Database:
    This is the default database used for authentication. Authenticates using the Garoon user information.
  • Authentication Database:
    You can register an authentication server of your choice. Only LDAP server can be added.

Example of Authentication Settings

By combining login authentication and session authentication, you can configure authentication such as the following

  • Login Authentication:
    • Authentication type: Standard Authentication
    • Authentication database: Use an LDAP server
  • Session Authentication:
    • Authentication type: Open Integrated Authentication ver. 2
    • Authentication database: Use an LDAP server

Example of Login Authentication:

An illustration showing an example of login authentication settings

Example of Session Authentication:

An illustration showing an example of session authentication settings