LiveWhale

Supported login protocols for LiveWhale

Explanation of the login protocols supported by LiveWhale.

This setting can be adjusted using the master LiveWhale configuration. (Please see “Configuring LiveWhale” for more information.)

Access to LiveWhale can be configured in three different ways.

  1. By default, LiveWhale will use its own built-in authentication scheme. Usernames and passwords are stored in the LiveWhale database (passwords encrypted), and the login functionality is database driven. Unless an existing authentication mechanism is in place and desirable, this is the normal approach.
  2. LiveWhale can also be configured to adopt an existing LDAP server for its authentication. In this case, the LDAP connectivity options should be provided, as well as a base DN identifying users who should be allowed access to LiveWhale.
  3. Also, SSOs (such as WebAuth) are supported. With this option, the /livewhale directory would be protected using the SSO and LiveWhale will use the authentication credentials inherited by the external SSO login for access.

Open the master LiveWhale config (/livewhale/core/config.php) using an FTP client or via the command line.

Configure the type of login you wish to use with the LOGIN_MODE setting. Set it to “password”, “LDAP”, or “SSO” accordingly.

If you are using the default “password” login mode or the “LDAP” mode, set the LOGIN_TIMEOUT and LOGIN_SECURE settings as desired. LOGIN_TIMEOUT determines the amount of time a person should remain logged in before their session expires. LOGIN_SECURE forces logins to persist over HTTPS only. These settings are not applicable in SSO mode.

If you are using the “LDAP” mode, set the LDAP settings accordingly. These are:

  • LDAP_HOST

Set this to the LDAP host. If the LDAP server is running on the same server as your web site, you may set this to “localhost”.

  • LDAP_PORT

If the LDAP server is using a different port than the default, you may set it here.

  • LDAP_DN

Set this to the base DN identifying LDAP users who should be allowed access to LiveWhale.

  • LDAP_SSL

Set this to true if LDAP connections should be established with SSL, false if not.

If you are using LDAP and need to authenticate using one DN but then require searching against a second DN to authenticate users for LiveWhale, two additional settings may be used:

  • LDAP_SEARCH_USER

Set this to the DN that identifies the master user you wish to authenticate as to perform a subsequent search.

  • LDAP_SEARCH_PASS

Set this to the password for the master user.

Note: Enabling LOGIN_SECURE is a highly recommended security feature! When enabled, all LiveWhale logins will take place over SSL (HTTPS) connections, and will enforce that HTTPS is used throughout the duration of the session. In order to use this feature, your site must be fully accessible over SSL.

Failed logins will be recorded in the server log, including the username that was attempted. This can be reviewed to detect malicious login attempts, or to discover a user who may have forgotten their login credentials.

Need more help? We’re here for you! If this document doesn’t address your question, or if you’d just like to know more, please send an email to support@livewhale.com and we’ll get back to you with more information!