The Cookie Authentication Single Sign-on Client allows you to easily integrate your login process with an external system via a specially formed cookie. Refer to the developer documentation for more details on how to create the SSO cookie.
In Telligent Community, Cookie Authentication has modern encryption options and is part of the public API. Note: If you have upgraded and are using the old cookie settings from before 8.5, click the Legacy Encryption Options tab. Most of your settings will be carried over there. However, you must select the "Use Legacy cookie encryption" check box on the Legacy Encryption Options tab if you want to continue using them. Bear in mind that the old encryption algorithms are deprecated.
Cookie SSO authentication is enabled, disabled, or configured via the Cookie Authentication Single Sign On Client plugin.
To enable and configure this plugin:
- Mouse over Management.
- Click Administration.
- Navigate to Authentication > Authentication methods.
- Click the Cookie Authentication Single Sign On Client plugin. The configuration panel Options tab appears.
- Click the Enabled check box.
- On the Options tab, fill in or select the appropriate option for the following fields:
  - Authenticated user cookie name - The name of the authentication cookie.
  - Cookie key name for username value - The key containing the authenticating name.
  - Cookie key name for email address value - The key containing the authenticating email address, to be used for automatic registration.
  - Cookie key name for expiry date - The key containing the cookie's expiration date.
  - Automatic registration for new users - If checked, accounts are created automatically for authenticated users.
  - Profile refresh interval - The interval, in days, between refresh checks if profile sync is used.
  - The URL for the login page - Enter the login page URL.
  - The URL for the logout page - Enter the logout page URL.
  - The URL for the page where a new user can create an account - Enter the new account creation page URL.
  - The URL for the page where a user can change their password - Enter the password change page URL.
  - The URL for the page where a user can request a password reset - Enter the password reset request page URL.
  - The name of the querystring parameter for return URLs - If you have created a parameter name for the URLs, enter that here. Leave this empty to default to ReturnUrl.
- Click Save.
- On the Encryption options tab, fill in or select the appropriate option for the following fields:
  - Use encrypted cookie - Recommended. Select this option if you are encrypting the authentication cookie.
  - Encryption algorithm -
    - AES-HMAC - AES in CBC mode with an HMAC.
    - AES-GCM - Less frequently supported.
  - HMAC key - If using AES-HMAC, enter the Base64-encoded key.
- Click Save.
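The AES-HMAC option pairs CBC encryption with a separate HMAC key. The following added example (not Telligent's code, and not its cookie wire format, which is defined in the developer documentation) sketches the encrypt-then-MAC pattern in Node.js. The byte layout, the field names `username`, `email` and `expires`, and the function names are assumptions made for illustration.

```javascript
// Added example: illustrative layout only, NOT Telligent's cookie format.
const crypto = require('node:crypto');

// Constructed sample keys. The HMAC key is held Base64-encoded, as the HMAC key field expects.
const encKey = crypto.randomBytes(32);
const hmacKeyB64 = crypto.randomBytes(32).toString('base64');

// Issuer side (the external login system): encrypt, then MAC over IV + ciphertext.
function sealCookie(fields, encKey, hmacKeyB64) {
  const iv = crypto.randomBytes(16); // fresh random IV for every cookie
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const plaintext = new URLSearchParams(fields).toString();
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = crypto.createHmac('sha256', Buffer.from(hmacKeyB64, 'base64'))
    .update(Buffer.concat([iv, ct])).digest();
  return Buffer.concat([iv, ct, tag]).toString('base64');
}

// Consumer side: verify the MAC in constant time BEFORE decrypting, then check expiry.
function openCookie(value, encKey, hmacKeyB64, now = new Date()) {
  const raw = Buffer.from(value, 'base64');
  if (raw.length < 16 + 16 + 32) return null; // IV + one cipher block + tag
  const iv = raw.subarray(0, 16);
  const ct = raw.subarray(16, raw.length - 32);
  const tag = raw.subarray(raw.length - 32);
  const expected = crypto.createHmac('sha256', Buffer.from(hmacKeyB64, 'base64'))
    .update(Buffer.concat([iv, ct])).digest();
  if (!crypto.timingSafeEqual(tag, expected)) return null; // tampered or wrong key
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  const plaintext = Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  const fields = Object.fromEntries(new URLSearchParams(plaintext));
  // 'expires' is a hypothetical key name; the real one is whatever the Options tab configures.
  const expires = new Date(fields.expires);
  if (Number.isNaN(expires.getTime()) || expires <= now) return null; // missing or expired
  return fields;
}
```

Checking the MAC before any decryption is what keeps unauthenticated ciphertext away from the CBC padding check, which is why the AES-HMAC option needs its own key.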