Session Authentication Settings

Session authentication allows you to log in with single sign-on to the connected system using authentication information authenticated in Garoon. You can also access Garoon with single sign-on using the authentication information obtained from other connected systems.

Adding Session Authentications

Add session authentication.
For session authentication, you set the information required to share authentication information between Garoon and other products and systems.
The authentication types available for session authentication are as follows.

  • Standard Authentication
  • Environment Variable Authentication
  • Cybozu Common Authentication
  • Open Integrated Authentication ver. 2:
    Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.

By default, standard authentication is selected.
For details on authentication types, see the "Session Authentication" section.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select "Basic system administration" tab.

  4. Click Authentication.

  5. Click Session authentication.

  6. On the "Session Authentication" screen, click Add.

    Image of the link to add session authentication

  7. On the "Add Session Authentication - Step 1/2" screen, select the session authentication type, and then click Next.

    Image of setting a session authentication method

    The following authentication types are available.

    • Environment Variable Authentication
    • Open Integrated Authentication ver. 2:
      To add Cybozu Common Authentication, select Open Integrated Authentication ver. 2.
      Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.

  8. On the "Add Session Authentication - Step 2/2" screen, set the required items.

    Image of adding a session authentication

    For details on the setting items, see the "Session Authentication Setting Items" section.

  9. Confirm your settings and click Add.

Session Authentication Setting Items

Fill in the fields as needed for the authentication type.

Environment Variable Authentication

The environment variable authentication settings are as follows.

Item Description
Name Enter a display name for the session authentication.
The name is mandatory.
Environment Variable Name Enter the name of the environment variable you want to use for authentication.
Prefix If you exclude any string from the value of the environment variable, enter the first string to be excluded.
Suffix If you exclude any string from the value of the environment variable, enter the last string to be excluded.
Authentication Database Select the database that you want to use for authentication.
To authenticate in Garoon itself, select "Standard Database".
If you want to authenticate using an LDAP server, select an LDAP server that has been added as an authentication database.
Open Integrated Authentication ver. 2 and Cybozu Common Authentication

The following are the setting items for Open Integrated Authentication ver. 2 and Cybozu Common Authentication.

Item Description
Name Enter a display name for the session authentication.
The name is mandatory.
Mode You can select one of the following options:
  • Open Integrated Authentication ver.2
  • Cybozu Common Authentication
If you have already configured session authentication using Open Integrated Authentication ver. 2, you can only select "Cybozu Common Authentication".
This mode must be set.
Cookie name1 Enter a Cookie name to be issued by Garoon or to be authenticated.
This field is valid only when the mode is Open Integrated Authentication ver. 2.
The Cookie name issued by Garoon is "CB_OPENAUTH".
The following Cookie name cannot be specified.
  • CB_CLOGIN
  • CB_PLOGIN
  • CB_API
  • GRN_Account
  • CBSESSID
Authentication Password1 Password used for authentication. Enter a common password used for the connected system.
You must set this authentication password.
Authentication password (for confirmation)1 Enter the password you entered in the "Authentication password" field.
You must confirm the authentication password.
Active Time Select the effective time for cookies issued by Garoon.
After accessing Garoon, the Cookie issued by Garoon will be discarded if the time you set elapses.
This active time must be set.
Issuing Domain1 Enter a common domain used in Garoon and the connected product.
Domains that are lower than the entered domain are the scope of the Cookie.
Example: sample.cybozu.com
Authentication Database Select the database that you want to use for authentication.
To authenticate in Garoon itself, select "Standard Database".
For Open Integrated Authentication ver. 2, select "Standard Database".
If you want to authenticate using an LDAP server, select an LDAP server that has been added as an authentication database.
1: Set the same value as the product being connected.
Open Integrated Authentication ver. 1

Open Integrated Authentication ver.1 is deprecated in Garoon version 5.15.0.
The following are the setting items for Open Integrated Authentication ver.1.

Item Description
Name Enter a display name for the session authentication.
The name is mandatory.
Integrated Authentication password1 Password used for authentication. Enter a common password used for the connected system.
You must set this integrated authentication password.
Integrated Authentication Password (for confirmation)1 Enter the password you entered in the "Integrated Authentication password" field.
You must confirm the integrated authentication password.
Active Time Select the effective time for cookies issued by Garoon.
After accessing Garoon, the Cookie issued by Garoon will be discarded if the time you set elapses.
Cookie issuing domain1 Enter a common domain used in Garoon and the connected product.
Example: sample.cybozu.com
Cookie Issuance Path1 Enter a common path used for Garoon and the connected product.
As a security measure, it is recommended that you specify only the required range.
Example: /scripts/cbgrn/
Authentication Database Select the database that you want to use for authentication.
To use the Garoon server as the authentication server, select "Standard Database".
1: Set the same value as the product being connected.

Changing Session Authentications

Change the display name, authentication database, and so on. Editable fields vary, depending on the session authentication type.
For Standard Authentication, only display name and authentication database can be changed.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select "Basic system administration" tab.

  4. Click Authentication.

  5. Click Session authentication.

  6. On the "Session Authentication" screen, click the display name of the session authentication you want to change.

  7. On the "Session Authentication Details" screen, click Edit.

    Image of the edit action link

  8. On the "Change Session Authentication" screen, change the settings as necessary.

  9. Confirm your settings and click Save.

Deleting Session Authentications

Delete session authentication. If you delete session authentication, single sign-on using that authentication is disabled.
You cannot delete Standard Authentication.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select "Basic system administration" tab.

  4. Click Authentication.

  5. Click Session authentication.

  6. On the "Session Authentication" screen, select the check box for the session authentication you want to delete, and click Delete.

    Image showing the selection of session authentication to be deleted

  7. Click Yes on the "Delete all session Authentication" screen.

Selecting a Session Authentication to Use

Select the authentication type for the session authentication that you want to use.
Multiple session authentication can be used in combination. The session authentication that is being used is displayed as "Disable".

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select "Basic system administration" tab.

  4. Click Authentication.

  5. Click Session authentication.

  6. On the "Session Authentication" screen, click Use for the session authentication that you want to use.

    Image showing the Enable button

  7. Confirm that "Disable" is displayed in the "Usage" field of the selected session authentication.

Stop Using the Selected Session Authentication

Stop using session authentication.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select "Basic system administration" tab.

  4. Click Authentication.

  5. Click Session authentication.

  6. On the "Session Authentication" screen, click Inactive for the session authentication that you want to stop using.

    Image showing the Disable button

  7. Confirm that "use" is displayed in the "Usage" field of the session authentication, which has been disabled.