Leo User Guide

Login and Authentication

Updated on

Path: Admin Toolbar > Advanced > Account Manager > System Admin Options > Login and Authentication

  • Login Form Alignment: This allows you to customize the placement of the login form. You can choose to position the login box in the center, left, or right of the screen.  If you choose to not select an option, Leo will default your login box to the right hand side. You may want to try different settings based on the background image you choose to upload.
  • Login Screen Background Image:You can customize the background image on your login screen. The optimal size is 1920px X 1080px, however 1366px X 768 px may display fine.
    • To upload a new image click on the Upload New Image link and then select the uploaded image from the drop-down box.
    • Please note: if the uploaded image file name does not appear in the drop-down box, it may be necessary to reload the Account Manager after uploading the image. 
  • Login Help Title: This is the text displayed for the MailTo link under the login.
  • Login Help URL or mailto:[email protected]Enter the email address of the individual or mailing list that will respond to User requests for help with logging in.
  • Login Greeting: This text will appear at the top of the login screen.
  • Login Logo: This is the logo that will go to the left of the login options. Optimal size is 210 X 210.
  • Maximum login attempts: Enter the maximum number of consecutive failed logins attempts before a User is locked out. 0=no limit
  • Transfer-to-system: This specifies the domain name and account [domainName], [account] that the User will be transferred to after login.
  • Logout Confirmation Custom Text: This is the text that will be displayed when the User confirms that they want to log out.
  • Login password reset: (Check box): This option will allow Users to request a password reset for their local account from the login screen. Once requested, they'll receive an email with a secure link with which they can reset their local password. Does NOT apply to single sign-on (SSO).
  • Login by Email Address: (Check box): This option will allow Users to use their primary Leo email address as an alternate netID.
  • Max Concurrent Logins: Maximum number of Users that can logon currently. Other logins will be queued until slots are available. Minimum value is 10.
  • Seconds per Login: Number of seconds required for a login. Minimum value is 10.
  • Disable Exam Portal redirect on login: (Check box): If a student logs in when an Exam is starting, they will be automatically redirected to the Exam Portal. If you prefer your system to NOT redirect, then check this box. This will disable this feature for all Exams.
  • Assessment Portal Link: (Check box): Enables access to alternate assessment portals (such as exams and evaluations) from the login page. Please note that you will need to reach out to the Leo Team if this is your first time configuring these portals.
  • Training Portal Link: (Check box): Enables the link on the login page to the Training Portal.
  • Curriculum Portal Link: (Check box): Enables the link on the login page to the Curriculum Portal from the Exam and Training Portals, allowing Users to go back to the main system from either the Exam or Training portals.

Options for CAS connectivity and authentication.

  • CAS is active: (Check box): CAS will only be used if this option is selected and the other CAS fields are filled in.
  • CAS Module: May activate additional CAS logic based on the module.
  • CAS Server: Enter the URL for the CAS server.
  • CAS Resolver: Enter the URL for the CAS server that will authenticate Users.
  • CAS Callback: This is the URL that CAS will redirect to after authentication is completed.
  • CAS Err Email List: This is a set of email addresses to be notified if the CAS server cannot be contacted.
  • CAS Validation URL: This is the URL that CAS uses to authenticate a User passed back from a CAS login. Required for CAS connection test.
  • CAS Validation Response: This is the response expected from CAS. Any response different than this response will be considered an error.

Options for LDAP connectivity and authentication.

  • LDAP is active: (Check Box): In order for LDAP to be active this flag must be set and the appropriate flags in other fields must be filled in.
  • LDAP Module: Will activate additional LDAP logic based on the module.
  • LDAP Server: Enter the URL for the LDAP server.
  • LDAP Version: Some LDAP servers require the version number to be specified.
  • Secure connection:  (Check Box): If selected Port636 will be forced.
  • Non-Standard Port: this options lets you specify a non-standard TCP port for connecting to the LDAP server.
  • LDAP Search: This defines the search parameters for the LDAP search.
  • LDAP User field: This defines the LDAP field where netIDs are kept.
  • LDAP Debug: (Check Box): If checked verbose transcripts of LDAP sessions will be written to /var/log/http/error_log.
  • LDAP User: Some LDAP systems require the server to authenticate. Enter that user ID here.
  • LDAP Password: Some LDAP systems require the server to authenticate. Enter the user password here. [If the password contains a dollar sign, enter a forward slash before the dollar sign.]

Options for Open ID authentication.

  • OpenID is active: (Check Box): OpenID will only be used if this option is selected and the other OpenID fields are filled in.
  • Provider URL: The URL that will be appended to the user ID. This will make the full URL for authentication.

Configure settings for the Sentinel authentication system.

  • Application ID: Sentinel application ID for this site.
  • Client User ID: Sentinel Client User ID for this site
  • Client Password: Sentinel Client Password for this site.
  • Service URL: Sentinel Service URL.
  • URL: Sentinel URL
  • CA Bundle: Directory in which the CA bundle for Sentinel is stored. Default is: /etc/pki/tls/certs/ca-bundle.crt
  • Call Back URL: Enter the complete URL to which Sentinel will return control after authentication.
  • Entry Page: This is the script that will be run when Sentinel redirects back to Leo after authentication.
  • SHIB System Name: Your institution's name or acronym commonly used to refer to your SHIB implementation (e.g. ONYEN, ThumbPrint). Should be easily recognizable by your Users.
  • SHIB Authentication URL*: If set, standard login screen will also show a link for SHIB authentication.
  • SHIB login prompt: Enter the text prompt for Users to authenticate via SHIB.
  • SHIB Exam Portal Authentication URL*: If set, standard login screen will also show a link for SHIB authentication.
  • SHIB Exam Portal login prompt: Enter the text prompt for Users to authenticate via SHIB.
  • SHIB Logout URL*: Enter an optional URL for complete SHIB logout.
  • SHIB Logout Message: Enter a text prompt for the User for the logout URL.

NOTE: Options with an asterisk (*) may be superseded by settings in bdlocal.

  • Use SOAP Authentication: (Check box): If you wish to use SOAP authentication as one of your authentication options.
  • Server: Enter the name or IP address of the SOAP authentication server.
  • Port: Enter the IP port # for SOAP authentication or leave this blank for the default (443).
  • User: Enter the name of the user or account used to connect to the SOAP server.
  • Password: Enter the password required for connecting to the SOAP server.
Previous Article System Admin Menu Options
Next Article Menu Access