Single Sign-On via Windows Authentication
Txture can rely on an IIS reverse proxy to authenticate users. The proxy authenticates the client and adds a header to the request. Txture trusts this header, so it is paramount that Txture cannot be reached in any way other than through the reverse proxy.
When a request arrives, the extracted username is matched against the Txture user database. This implies that user accounts must already have been created by other means, such as an import from Active Directory or manually.
The following section outlines the configuration options in the txture.properties file.
# PROPERTY: txture.security.sso.enabled
# DESCRIPTION: This property defines whether SSO is enabled (or not) and which SSO method is used.
# Valid modes and values for this property are
#
# - txture.security.sso.enabled=header
#   means that a pre-authenticated token that reflects the username is sent with each
#   HTTP request. The determined username is only checked for existence within the
#   internal user database. Please note the dedicated section of properties related to
#   header authentication under 'txture.security.sso.header.*'
# - txture.security.sso.enabled=ntlm
#   means that a token that reflects the username is sent with each
#   HTTP request and gets pre-authenticated via a challenge-response against the
#   (Windows) infrastructure. The determined username is finally checked for existence
#   within the internal user database. Please note the dedicated section of properties
#   related to NTLM authentication under 'txture.security.sso.ntlm.*'
# - txture.security.sso.enabled=false
#   means that SSO is disabled and that a login screen should be presented to users.
txture.security.sso.enabled=false

# PROPERTY: txture.security.sso.header.name
# DESCRIPTION: This property defines the name of the header parameter that contains the user name.
txture.security.sso.header.name=REMOTE_USER

# PROPERTY: txture.security.sso.header.pattern
# DESCRIPTION: This property defines the pattern (as regular expression) that needs to be applied
# to received header values in order to mask the actual contained user name. Note that in order
# to extract a part of the given value, a matching group must be defined (by using '(' and ')').
txture.security.sso.header.pattern=(.*)

# PROPERTY: txture.security.sso.ntlm.pattern
# DESCRIPTION: This property defines the pattern (as regular expression) that needs to be applied
# to the 'remote user' header property in order to mask the actual contained user name. Note that
# in order to extract a part of the given value, a matching group must be defined (by using '('
# and ')').
txture.security.sso.ntlm.pattern=.*?\\\\(.*)
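
The following sketch is an added example, not Txture code. It shows how the two default patterns behave once the properties-file escaping is undone, and why a DOMAIN\user value is only found in the user database when the pattern strips the domain. It assumes the whole value must match and that group 1 is the user name; KNOWN_USERS and the sample values are constructed.

```python
import re

# Pattern values exactly as written in txture.properties on this page.
HEADER_PATTERN_RAW = r"(.*)"
NTLM_PATTERN_RAW = r".*?\\\\(.*)"

def unescape_property(raw):
    """Undo Java .properties backslash escaping (unicode escapes not handled)."""
    special = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):
            nxt = raw[i + 1]
            out.append(special.get(nxt, nxt))  # '\\' collapses to one backslash
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def extract_username(raw_pattern, value):
    """Return capture group 1, or None when the value does not match.

    Assumption: the whole value must match and group 1 is the user name.
    """
    regex = re.compile(unescape_property(raw_pattern))
    match = regex.fullmatch(value)
    return match.group(1) if match else None

# Constructed sample data: a user database keyed by plain account name.
KNOWN_USERS = {"jdoe", "asmith"}

def resolve(raw_pattern, value):
    """Mimic the lookup step: only names that already exist are accepted."""
    name = extract_username(raw_pattern, value)
    return name if name in KNOWN_USERS else None

if __name__ == "__main__":
    for pattern in (HEADER_PATTERN_RAW, NTLM_PATTERN_RAW):
        for value in ("CORP\\jdoe", "jdoe", "CORP\\unknown"):
            print(f"{pattern!r:16} {value!r:18} -> {resolve(pattern, value)!r}")
```

With the default header pattern the domain prefix stays part of the name, so either the proxy must send the bare account name or the pattern needs a narrower matching group.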