The <authentication> element is for configuring single sign-on authentication providers in the domain. For example, the login screen could prompt for BrainHoney username and password, and it could also accept a SAML authentication from a portal page. By default, a domain uses Local (BrainHoney) authentication.
If the SAML authentication provider is included, the SAML identity provider manifest (typically obtained from the SAML identiy provider) must be stored in the domain content area at “SAML/idp-meta.xml”. For all other providers, the detailed parameters are included in the customization.xml file. For details about the format of the "idp-meta.xml" file, please see the SAML standards documents or the documentation of your SAML Identity Provider.
Note: If you change the URL to your SAML server you need to refresh the BrainHoney servers by editing the customization XML.
For other providers, the detailed parameters are included inline as documented below.
<provider type="Local" [displayname="string"] [showlogincontrol="boolean"]/>
<provider type="SAML" [displayname="string"] [showlogincontrol="boolean"] [version="string"]/>
|authentication||loginprefix||Optional override of the default login prefix. When not specified uses the current domain.|
|authentication / provider||type||Identifies the authentication provider type.|
|displayname||Specifies the text to display next to the login screen's credential prompt for this provider. This only has an effect if multiple login providers are enabled for the same domain.|
|showlogincontrol||Controls whether a login prompt appears for this provider on the login screen. When true, the welcome and login screens display either a prompt for credentials or a login button that redirects to the authentication provider. When false, this provider will not appear on the login screen. It's very unusual to set this to false.|
|authentication / provider||version|| Controls which SAML version to use. Version 1 uses the Brainhoney SAML code. Version 2 uses the xLi Platform SAML code. Regardless of the version used, SSO will work the same. The default is version 1. |
|authentication / provider / server||
The URL of the CAS server that should be used when authenticating users for this domain.
|authentication / provider / logout||
When set to true, logs the user out of the CAS server when clicking the logout link. Otherwise the user is logged out of BrainHoney only.