Cisco Unified MeetingPlace, Release 7.0 -- About User Authentication in Cisco Unified MeetingPlace Web Conferencing
Main page: Cisco Unified MeetingPlace, Release 7.0
Up one level: Configuration
By default, the web conferencing application prompts users for login credentials by using an HTML web form, then authenticates them against the Cisco Unified MeetingPlace user profile database. However, you can select to authenticate Cisco Unified MeetingPlace against third-party authentication software that provides different authentication behaviors. This can include different login windows, authentication against other user profile databases, or both.
User Authentication Options in Cisco Unified MeetingPlace Web Conferencing
Cisco Unified MeetingPlace Web Conferencing provides the following authentication configuration options:
- HTTP Basic Authentication (Domain)
- LDAP, then MeetingPlace
- Trust External Authentication
- Windows Integrated Authentication
Integration with third-party authentication software can provide the following benefits:
- Centralized user database-Facilitates profile management.
- Single Sign-On (SSO)-Allows users who have already been authenticated once to have access to all resources and applications on the network without having to re-enter their credentials.
- For SSO to work, you must ensure that Cisco Unified MeetingPlace user IDs are set up so that they match the corresponding user IDs used by the third-party authentication software. You can configure Web Conferencing to automatically convert case so that Cisco Unified MeetingPlace user IDs and corresponding user IDs used by third-party authentication software match.
Note: While all authentication methods can be applied to internal or external servers, some authentication methods may not make sense for a DMZ environment. For more information about web conferencing support for DMZ environments, see Configuring External Access to Cisco Unified MeetingPlace Web Conferencing.
Restrictions: User Authentication and Load Balancing
In a Cisco Unified MeetingPlace load-balancing cluster, all users must enter the Cisco Unified MeetingPlace system through a designated Cisco Unified MeetingPlace Web Server. In such circumstances, you only need to configure the designated Web Server for your chosen authentication method. You can configure all other Web Servers in the cluster to use the default authentication method-MeetingPlace Web Form Authentication.
If, however, you want to configure other Web Servers in the cluster to use the same authentication method as a failover strategy, you can. Depending on the type of authentication method used though, this configuration can result in undesirable SSO behaviors.
For example, if you configure HTTP Basic Authentication or Windows Integrated Authentication, Cisco Unified MeetingPlace will prompt users for login credentials each time there is a Web Server redirect. This is because you are altering the hostname in the authentication configuration each time you redirect traffic to an active Web Server through a DNS change. If you configure LDAP or MeetingPlace authentication, users will not be prompted again for login credentials during a web conferencing redirect.