authenticateViaLDAPSSO

Given a username, iterates through all configured LDAP providers attempting to find a matching user.

The return format is identical to the getAuthStatus method's response. If authentication is successful this method returns authenticated: true in the response along with details of the iCM Site User that was created/updated as part of the authentication process.

If, while rendering a page, the site has LDAP credentials made available to it (either via IIS or some other means) and LDAP authentication has been enabled, the site should call this method first to attempt to log the user in seamlessly via LDAP. If logging in via LDAP is unsuccessful, the site should take appropriate measures, perhaps displaying the default login form instead.

If the 'siteuser' iCM maintenance area is offline, this method will return an error stating that site logins are currently disabled.

Parameters

| Name | Type | Description |
|---|---|---|
| username | String (UUID), required | The LDAP username of the user to authenticate. May contain the domain, e.g. MYDOMAIN\mavis. |
| siteUserGroupIds | Array<Long>, required | Additional site groups that the iCM Site User created by the authentication process should be added to. Typically this would include the id of the designated subsite-specific iCM site user group. |

Response Fields

| Name | Type | Description |
|---|---|---|
| authenticated | boolean | Whether authentication was successful or not. |
| providerName | String | Name of the provider the user successfully logged in with. |
| actionError | Map | Not null if an error occurred (i.e. an exception was thrown that could not be recovered from). |
| actionFailure | Map | Not null if an authentication failure occurred (i.e. wrong username/password). |
| arbitraryReturnData | Map | Arbitrary information that can be returned from any AuthAction, e.g. token values. May be of use in the future. |
| userConsentedToDataStorage | Boolean | Whether the user consented to having their data from a third party stored or not. |
| siteUser | Map | Contains details about the site user, essentially the return format of CSUserProfile_get. Includes the UserID, ObjectData, etc. Also includes 'SiteUserGroups', an array of the groups the user is a member of, including the GroupID, GroupName, and Description. |

actionError format:

{
    "errorMessage": "",
    "errorDetails": {
        // Arbitrary details, e.g.
        // exceptionMessage,
        // exceptionStackTrace
    }
}

actionFailure format:

{
    "failureMessage": "",
    "failureDetails": {
        // Arbitrary details
    }
}

Example Request

{
    "id": "1",
    "jsonrpc": "2.0",
    "method": "authenticateViaLDAPSSO",
    "params": {
        "username": "johnt",
        "siteGroupIds": [1]
    }
}

Example Response

{
    "id": "635998609805441605",
    "jsonrpc": "2.0",
    "result": {
        "result": {
            "authenticated": true,
            "providerName": "devdc1",
            "actionError": null,
            "actionFailure": null,
            "arbitraryReturnData": {},
            "userConsentedToDataStorage": true,
            "siteUser": {
                "UserID": 31,
                "UserName": "DC1_JOHNT",
                "CreatedBy": "AuthWorker_devdc1",
                "LastUpdatedBy": "AuthWorker_devdc1",
                "DateCreated": "2016-06-01T15:45:21Z",
                "DateLastUpdated": "2016-06-02T09:33:34Z",
                "Type": "USERPROFILE",
                "UserProfileType": "USERPROFILE",
                "ObjectID": 123,
                "ObjectData": {
                    "TITLE": "Mr",
                    "FORENAME": "Joshua",
                    "SURNAME": "Smith"
                },
                "SiteUserGroups": [{
                    "GroupID": 20,
                    "GroupName": "DEVDC1",
                    "Description": "devdc1"
                }]
            }
        }
    }
}
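
An added example, not part of the iCM documentation or product code: one way a site could build the request and act on the reply, following the call-first, fall-back-to-login-form flow described above. The helper names, the input checks and the outcome labels are assumptions; because the method accepts only a username, the username is expected to come from server-side authentication (e.g. IIS) rather than from browser-supplied input.

```javascript
// Added example: helper names, checks and outcome labels are assumptions.
// The method takes no password, so trustedUsername must be the identity the
// web server itself authenticated, never a form field, query string or header.
function buildSsoRequest(trustedUsername, groupIds, id) {
    if (typeof trustedUsername !== "string" || trustedUsername.trim() === "") {
        throw new Error("refusing to send an empty LDAP username");
    }
    if (!Array.isArray(groupIds) || !groupIds.every(Number.isInteger)) {
        throw new Error("site group ids must be an array of integers");
    }
    return {
        id: String(id),
        jsonrpc: "2.0",
        method: "authenticateViaLDAPSSO",
        // Key as spelled in the page's example request; the parameters table
        // lists it as siteUserGroupIds, so check which your installation expects.
        params: { username: trustedUsername, siteGroupIds: groupIds }
    };
}

// Maps a reply onto the outcomes the page describes: logged in, authentication
// failure (actionFailure) or unrecoverable error (actionError).
function interpretSsoResponse(reply) {
    const outer = reply && reply.result;
    // The page's example response nests the payload as result.result.
    const r = outer && outer.result ? outer.result : outer;
    if (!r) {
        return { outcome: "error", showLoginForm: true, detail: "no result in reply" };
    }
    if (r.actionError) {
        return { outcome: "error", showLoginForm: true, detail: r.actionError.errorMessage };
    }
    // Require the literal boolean true and a site user before trusting the login.
    if (r.authenticated === true && r.siteUser) {
        const groups = (r.siteUser.SiteUserGroups || []).map(g => g.GroupID);
        return { outcome: "logged-in", showLoginForm: false,
                 userId: r.siteUser.UserID, provider: r.providerName, groups };
    }
    const why = r.actionFailure ? r.actionFailure.failureMessage : "not authenticated";
    return { outcome: "failed", showLoginForm: true, detail: why };
}
```

Any outcome other than "logged-in" leaves the visitor unauthenticated, so the site can show its default login form.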

Last modified on June 27, 2023