Configuring remote authentication using LoginShare

LoginShare is a mechanism that can be used to authenticate users against any third-party application.

Creating and maintaining customer records over multiple databases is a hassle. GFI HelpDesk avoids this by providing LoginShare APIs, which let you authenticate against a third-party database or directory.

The LoginShare API works by capturing authentication details, passing them to the third party for authentication, and outputting an XML payload that confirms the authentication status.

  • LoginShare is an all-or-nothing system. If authentication against the third party is not successful, GFI HelpDesk does not fall back to the local database.
  • A custom script must be created and specified in GFI HelpDesk. This script should be globally accessible. The server on which the third-party source exists must allow requests to be received from and placed to the web server on which the script is placed.
  • The script should capture the POST variables (interface, IP address and authentication details) sent by the GFI HelpDesk login form, dispatch them to the third-party source for authentication, and retrieve and output the result in XML format.
  • A local replica (account) is created or updated in the GFI HelpDesk database per the information returned in the XML. Linking is done on the basis of the email address returned by the script, and the password stored for the local profile is randomly generated.
  • Any persistent change to the user or staff account (including a password change) needs to be made at the third-party source, because authentication is done there and the local profile is updated per the information contained in the XML returned on successful authentication.

User LoginShare

  • For technical details (such as POST variables and XML output) and how the script must be specified in GFI HelpDesk, refer to Enabling LoginShare for User Accounts.

Mandatory XML nodes to be returned: ‘username’, ‘email’, ‘usergroup’

The user group returned in the XML should exist in GFI HelpDesk and must be allowed on the template group from which authentication is being done.

  • LoginShare has to be enabled for a template group (via the ‘Use LoginShare to authenticate users’ setting) to route login requests to the specified LoginShare script.
  • Location: Admin interface > Options > Templates > Groups

If you need to support local database authentication alongside third-party authentication, you can create a new template group and disable LoginShare on it. A template group (that is, a unique front-end) can be accessed directly through a web browser via:

gfihelpdeskdomain/index.php?/templategroupname

Staff LoginShare

  • For technical details (such as POST variables and XML output) and how the script must be specified in GFI HelpDesk, refer to Enabling LoginShare for Staff User Accounts.

Mandatory XML nodes to be returned: ‘firstname’, ‘lastname’, ‘team’, ‘email’

The staff team returned in the XML should exist in GFI HelpDesk. We recommend disallowing LoginShare access on the ‘admin’ interface to prevent accidental access and keep GFI HelpDesk secure.
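
The mandatory nodes listed for user and staff LoginShare above can be checked before a script is put into service. The following Python checker is an added example, not GFI code: the function name, the `<loginshare>` wrapper element, the sample values, and the DOCTYPE and duplicate-node rules are assumptions made here. It looks nodes up by name at any depth, so it does not depend on the exact layout given in the Enabling LoginShare pages.

```python
import xml.etree.ElementTree as ET

# Mandatory nodes named on this page, per account type.
MANDATORY = {"user": ("username", "email", "usergroup"),
             "staff": ("firstname", "lastname", "team", "email")}
# Node whose value must already exist in GFI HelpDesk.
GROUP_NODE = {"user": "usergroup", "staff": "team"}
# Constructed sample outputs; the <loginshare> wrapper is an assumption.
GOOD_USER = ("<loginshare><username>jdoe</username>"
             "<email>jdoe@example.com</email>"
             "<usergroup>Registered</usergroup></loginshare>")
BAD_STAFF = ("<loginshare><firstname>Ann</firstname>"
             "<lastname>Lee</lastname><team>Ops</team></loginshare>")


def check_loginshare_xml(xml_text, kind, known_groups):
    """Return a list of problems found in a LoginShare script's XML output."""
    if "<!DOCTYPE" in xml_text.upper():
        return ["DOCTYPE present: refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems, values = [], {}
    for name in MANDATORY[kind]:
        # Search at any depth so the check does not depend on the wrapper.
        found = list(root.iter(name))
        if not found:
            problems.append(f"missing mandatory node <{name}>")
        elif len(found) > 1:
            problems.append(f"node <{name}> appears {len(found)} times")
        elif not (found[0].text or "").strip():
            problems.append(f"mandatory node <{name}> is empty")
        else:
            values[name] = found[0].text.strip()
    email = values.get("email")
    # The local account is linked on this value, so reject ambiguous ones.
    if email and (email.count("@") != 1 or email[0] == "@"
                  or email[-1] == "@" or any(c.isspace() for c in email)):
        problems.append(f"email {email!r} is not a single plain address")
    group = values.get(GROUP_NODE[kind])
    if group and group not in known_groups:
        problems.append(f"{GROUP_NODE[kind]} {group!r} does not exist in GFI HelpDesk")
    return problems


if __name__ == "__main__":
    print(check_loginshare_xml(GOOD_USER, "user", {"Registered"}))
    print(check_loginshare_xml(BAD_STAFF, "staff", {"Support"}))
```

Pass `known_groups` the user groups or staff teams that actually exist in your GFI HelpDesk installation; an empty result means the output carries every mandatory node with a usable value.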

NOTE:

All projects on forge are maintained and supported by third-party developers. We do not support the custom development of LoginShare scripts.