Knowledge Base

Different ways for Remote Authentication

Article ID: 377
Last updated: 29 Nov, 2017

There are two different types of remote authentication. It is controlled by the KB_AUTH_TYPE constant:

  1. Adding/refreshing remote user data to KBPublisher and authenticate user.
  2. Authentication by existing KBPublisher user.


Adding/refreshing remote user data to KB and authenticate user

KB_AUTH_TYPE = 1

On success, the authentication function remoteDoAuth should return an associative array with the following keys:

  • first_name
  • last_name
  • email
  • username
  • password-- as the user types when they login, that is, not encrypted
  • remote_user_id -- a unique userID stored in your system
  • role_id - (optional)
  • priv_id - (optional) privilege for user. If user has a privilege, he will have access to Admin Area


Authentication by existing KBPublisher user

KB_AUTH_TYPE = 2

On success, the authentication function remoteDoAuth should return.

  • the user_id of the user in the KBPublisher USER table  (kbp_user)
    OR
  • Associative array with keys (user_id, username), for example: array('user_id'=>7, 'username'=>'Test').


There are also other configuration variables

  • KB_AUTH_AREA
    1 - Enabled for Public area only, remote authentication allowed on Public Area login screen
    2 - Enabled for Public and Admin areas
  • KB_AUTH_LOCAL
    0 - never try to authenticate by KBPublisher built in authentication
    1 - always try to authenticate by KBPublisher built in authentication first
    2 - will try to authenticate by KBPublisher built in authentication if Remote Authentication failed
  • KB_AUTH_LOCAL_IP
    Only users with specified IP(s) are allowed to be authenticated by KBPublisher's built in authentication
    it only matters when KB_AUTH_LOCAL = 1 or 2.
    You can set a specific IP or an IP range. Use an "-" to separate IP ranges, and a";" to separate individual IP addresses.
    For example: 127.0.0.1;210.234.12.15;192.168.1.1-192.168.255.255
  • KB_AUTH_REFRESH_TIME
    The time, in seconds, to rewrite user data, (3600*24*30 = 30 days), works if KB_AUTH_TYPE = 1
    0 - never. Once the user is created, data in kb table never updated by script
    1 - on every authentication request user data in the knowledgebase will be synchronized with data provided by script.
  • KB_AUTH_RESTORE_PASSWORD_LINK
    Here you may provide a link where your remote users can restore their password.
    Set to false not to display the restore password link at all.
    KBPublisher will determine whether to set your link or the built-in one.
  • KB_AUTH_AUTO (Using Auto Authentication)
    This variable controls whether or not the user sees a login screen and has to log in to KBPublisher, or whether they are automatically logged in.
    0 - Disabled, user gets login screen
    1 - Enabled, user doesn't see login screen
    2 - Enabled, in debug mode. User doesn't see login screen. It allows not to block "Auto Auth" if authentication failed.  
         Use only for debugging and don't forget to change back to 1 or 0 when you have authentication working.
Article ID: 377
Last updated: 29 Nov, 2017
Revision: 2
Views: 2926
Comments: 0
print  Print pdf  Export to PDF email  Subscribe share  Share pool  Add to pool comment  Add comment
Prev     Next
Using Active Directory for Remote Authentication       Remote Authentication scenarios