Session Authentication Settings
Session authentication allows you to log in with single sign-on to the connected system using authentication information authenticated in Garoon. You can also access Garoon with single sign-on using the authentication information obtained from other connected systems.
Adding Session Authentications
Add session authentication.
For session authentication, you set the information required to share authentication information between Garoon and other products and systems.
The authentication types available for session authentication are as follows.
- Standard Authentication
- Environment Variable Authentication
- Cybozu Common Authentication
- Open Integrated Authentication ver. 2:
Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.
By default, standard authentication is selected.
For details on authentication types, see the "Session Authentication" section.
-
Click the Administration menu icon (gear icon) in the header.
-
Click System settings.
-
Select "Basic system administration" tab.
-
Click Authentication.
-
Click Session authentication.
-
On the "Session Authentication" screen, click Add.
-
On the "Add Session Authentication - Step 1/2" screen, select the session authentication type, and then click Next.
The following authentication types are available.
- Environment Variable Authentication
- Open Integrated Authentication ver. 2:
To add Cybozu Common Authentication, select Open Integrated Authentication ver. 2.
Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.
-
On the "Add Session Authentication - Step 2/2" screen, set the required items.
For details on the setting items, see the "Session Authentication Setting Items" section. -
Confirm your settings and click Add.
Session Authentication Setting Items
Fill in the fields as needed for the authentication type.
The environment variable authentication settings are as follows.
| Item | Description |
|---|---|
| Name | Enter a display name for the session authentication. The name is mandatory. |
| Environment Variable Name | Enter the name of the environment variable you want to use for authentication. |
| Prefix | If you exclude any string from the value of the environment variable, enter the first string to be excluded. |
| Suffix | If you exclude any string from the value of the environment variable, enter the last string to be excluded. |
| Authentication Database | Select the database that you want to use for authentication. To authenticate in Garoon itself, select "Standard Database". If you want to authenticate using an LDAP server, select an LDAP server that has been added as an authentication database. |
The following are the setting items for Open Integrated Authentication ver. 2 and Cybozu Common Authentication.
| Item | Description |
|---|---|
| Name | Enter a display name for the session authentication. The name is mandatory. |
| Mode | You can select one of the following options:
This mode must be set. |
| Cookie name1 | Enter a Cookie name to be issued by Garoon or to be authenticated. This field is valid only when the mode is Open Integrated Authentication ver. 2. The Cookie name issued by Garoon is "CB_OPENAUTH". The following Cookie name cannot be specified.
|
| Authentication Password1 | Password used for authentication. Enter a common password used for the connected system. You must set this authentication password. |
| Authentication password (for confirmation)1 | Enter the password you entered in the "Authentication password" field. You must confirm the authentication password. |
| Active Time | Select the effective time for cookies issued by Garoon. After accessing Garoon, the Cookie issued by Garoon will be discarded if the time you set elapses. This active time must be set. |
| Issuing Domain1 | Enter a common domain used in Garoon and the connected product. Domains that are lower than the entered domain are the scope of the Cookie. Example: sample.cybozu.com |
| Authentication Database | Select the database that you want to use for authentication. To authenticate in Garoon itself, select "Standard Database". For Open Integrated Authentication ver. 2, select "Standard Database". If you want to authenticate using an LDAP server, select an LDAP server that has been added as an authentication database. |
Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.
The following are the setting items for Open Integrated Authentication ver.1.
| Item | Description |
|---|---|
| Name | Enter a display name for the session authentication. The name is mandatory. |
| Integrated Authentication password1 | Password used for authentication. Enter a common password used for the connected system. You must set this integrated authentication password. |
| Integrated Authentication Password (for confirmation)1 | Enter the password you entered in the "Integrated Authentication password" field. You must confirm the integrated authentication password. |
| Active Time | Select the effective time for cookies issued by Garoon. After accessing Garoon, the Cookie issued by Garoon will be discarded if the time you set elapses. |
| Cookie issuing domain1 | Enter a common domain used in Garoon and the connected product. Example: sample.cybozu.com |
| Cookie Issuance Path1 | Enter a common path used for Garoon and the connected product. As a security measure, it is recommended that you specify only the required range. Example: /scripts/cbgrn/ |
| Authentication Database | Select the database that you want to use for authentication. To use the Garoon server as the authentication server, select "Standard Database". |
Changing Session Authentications
Change the display name, authentication database, and so on. Editable fields vary, depending on the session authentication type.
For Standard Authentication, only display name and authentication database can be changed.
-
Click the Administration menu icon (gear icon) in the header.
-
Click System settings.
-
Select "Basic system administration" tab.
-
Click Authentication.
-
Click Session authentication.
-
On the "Session Authentication" screen, click the display name of the session authentication you want to change.
-
On the "Session Authentication Details" screen, click Edit.
-
On the "Change Session Authentication" screen, change the settings as necessary.
-
Confirm your settings and click Save.
Deleting Session Authentications
Delete session authentication. If you delete session authentication, single sign-on using that authentication is disabled.
You cannot delete Standard Authentication.
-
Click the Administration menu icon (gear icon) in the header.
-
Click System settings.
-
Select "Basic system administration" tab.
-
Click Authentication.
-
Click Session authentication.
-
On the "Session Authentication" screen, select the check box for the session authentication you want to delete, and click Delete.
-
Click Yes on the "Delete all session Authentication" screen.
Selecting a Session Authentication to Use
Select the authentication type for the session authentication that you want to use.
Multiple session authentication can be used in combination. The session authentication that is being used is displayed as "Disable".
-
Click the Administration menu icon (gear icon) in the header.
-
Click System settings.
-
Select "Basic system administration" tab.
-
Click Authentication.
-
Click Session authentication.
-
On the "Session Authentication" screen, click Use for the session authentication that you want to use.
-
Confirm that "Disable" is displayed in the "Usage" field of the selected session authentication.
Stop Using the Selected Session Authentication
Stop using session authentication.
-
Click the Administration menu icon (gear icon) in the header.
-
Click System settings.
-
Select "Basic system administration" tab.
-
Click Authentication.
-
Click Session authentication.
-
On the "Session Authentication" screen, click Inactive for the session authentication that you want to stop using.
-
Confirm that "use" is displayed in the "Usage" field of the session authentication, which has been disabled.