Documentation for Web Help Desk

Configure the authentication settings

The Authentication settings allow you to configure the authentication methods used to access Web Help Desk.

If you plan to install FIPS 140-2 compliant cryptography in your deployment, use the Password Security Migration Tool to encrypt all client and tech account passwords to FIPS 140-2 cryptography prior to activation. The migration tool invalidates all stored client and tech passwords that use a weaker cryptography standard.

All techs who did not log in to Web Help Desk before their planned migration date will not be able to log in. To enable techs to recover their password, select Web Help Desk as the Authentication Method and select the Show Forgot Password Button checkbox.

Configure the authentication method and settings

  1. In the toolbar, click Setup and select General > Authentication.
  2. Click the drop-down menu and select the option that defines how Web Help Desk identifies users when they log in.

    The following table describes each menu option.

    Authentication Method Description
    Web Help Desk

    Authenticates the user with the user name and password.

    User names and passwords are pulled from the Web Help Desk database or imported from Active Directory or LDAP connections.

    SAML 2.0

    (Security Assertion Markup Language)

    An XML protocol that provides authentication from an identity provider (IdP) to a service provider (SP).

    See Deploy SSO with SAML Using AD FS for details about configuring SAML with AD FS for Web Help Desk.

    Configure AD FS separately for Web Help Desk integration. See the AD FS 2.0 step-by-step and how-to guides at the Microsoft Docs website for more information.

    CAS 2.0

    (Central Authentication Service)

    Uses a single sign-on (SSO) service URL to authenticate the user provided by Web Help Desk.

    The CAS server sends the user back to Web Help Desk and attaches a digital ticket to the Web Help Desk URL. Web Help Desk submits the ticket to the CAS validate URL to obtain the authenticated user name.

    See Deploy SSO with CAS 2.0 for details on how to set up CAS 2.0 on your Web Help Desk Tomcat server.

    Servlet Authentication

    (Apache Tomcat installations only)

    Provides the authenticated user name to Web applications using the HttpServletRequest.getRemoteUser() method.

    Use Windows Authentication Framework Light Edition (WAFFLE) at your own risk for Web Help Desk servlet authentication. SolarWinds does not support this SSO method.

    See Servlet Single Sign On Security Filter at the GitHub website for details about configuring WAFFLE.

    See the SolarWinds THWACK website and this KB article for additional information.

    HTTP Header

    Uses Web servers (such as Apache HTTP Server) to forward externally-authenticated user information using HTTP headers.

    HTTP Form Value

    Forwards the authenticated user name through an HTTP name/value pair instead of an HTTP header.
  3. Select your authentication method options. Based on your selected method, some options may not apply.

    1. Select the checkbox to display the Password and Confirm Password fields. Otherwise, leave this checkbox unchecked.

    2. Select the checkbox to display the Login Message text in the Log In window.

    3. If you selected the Show Login Message checkbox, enter a message that displays in the user Log In window.

      See Customize tickets, notes, instructions, and emails with BBCode for details about customizing your login message field text.

    4. Select the checkbox to display the Remember Login ID option in the Log In window.

    5. If available, select the checkbox to display the Remember me checkbox in the Log In window.

    6. Select the checkbox to display the Show Forgot Password button in the Log In window.

      If the checkbox is not selected and the Show Forgot Password button is not enabled, users are prompted to contact their Web Help Desk administrator to reset their password.

    7. Enter a message in the text box that provides instructions when a user forgets their password. Include an administrator e-mail address in case a user needs to contact you when they are locked out of the application.

    8. Click the drop-down menu and select the number of user attempts before the user is locked out of the application.

  4. Enter the targeted URL that Web Help Desk redirects to when the user logs out.

    If you are using SAML or CAS authentication, this page signs the user out of all system services or provides the option to sign out.

    Leave this field blank to use the Web Help Desk default logout page.

  5. Enter the number of minutes a tech or administrator session remains active with no application requests.

  6. Enter the number of minutes a client session remains active with no application requests.

  7. Select the checkbox to prevent tech sessions from timing out when the tech has a web browser window opened with the Web Help Desk tech interface.

  8. Select the checkbox to indicate whether external links to Web Help Desk (such as those included in e-mails that link to attachments and FAQs) require the user to authenticate. The user must have a valid password.

    If the checkbox is not selected, an unauthorized user could access sensitive information by simply obtaining the URL.

    If automatic login is enabled and the user is authenticated, cookies provide the authentication credentials. As a result, the user is not required to log in.

  9. Complete this section to allow third-party applications to perform actions through the REST API on behalf of users, without providing their passwords.

    Click Next to display the following form.

    When authenticating to the REST API, use an application API key in place of the user's password.

    In the App Description field, enter a description of the third-party application using the API Key, and then click Regenerate Key. An API key displays, which you can use to authenticate to the Web Help Desk API.

    You can use application API Keys in place of passwords to authenticate users to the API so applications can perform actions on behalf of users without having access to their passwords.

    Use caution when using API keys, as they provide unlimited access to Web Help Desk through the REST API. When possible, use the individual Tech API keys instead.

    API Keys should only be sent using secure (SSL) requests and should not be exposed to the user. SolarWinds recommends using the application API key to obtain a session key, and then using the session key to authenticate the subsequent requests.
  10. Click Save.
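
The CAS 2.0 ticket exchange described in the authentication method table, as an added example (not SolarWinds code): the service builds the back-channel validation request and accepts a user name only from a well-formed success response. The `/serviceValidate` path, `ST-` ticket prefix and XML namespace come from the CAS protocol specification; the host names, function names and sample responses are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace from the CAS protocol spec


class CasValidationError(Exception):
    """Raised whenever the ticket cannot be proven valid (fail closed)."""


def build_validate_url(cas_base, service_url, ticket):
    """Build the back-channel request the service sends to the CAS server."""
    if not cas_base.lower().startswith("https://"):
        raise CasValidationError("CAS validate URL must use HTTPS")
    if not ticket.startswith("ST-"):
        raise CasValidationError("not a service ticket")
    # 'service' must be the same URL the user was sent to CAS for.
    query = urllib.parse.urlencode({"service": service_url, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query


def parse_validate_response(xml_text):
    """Return the authenticated user name, or raise CasValidationError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise CasValidationError("DTD not allowed in CAS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError("malformed CAS response") from exc
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise CasValidationError("CAS rejected ticket: " + failure.get("code", "UNKNOWN"))
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        raise CasValidationError("no authenticated user in response")
    return user.text.strip()


# Constructed sample responses in the CAS 2.0 format (not captured traffic).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jsmith</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validate_url("https://cas.example.com/cas",
                             "https://helpdesk.example.com/helpdesk", "ST-1856339-constructed"))
    print(parse_validate_response(SAMPLE_OK))
```

Any response that is not an explicit success, including a malformed or empty one, raises an error, so a login is never granted on an unvalidated ticket.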

Encrypt passwords using the Password Security Migration Tool

If you install FIPS 140-2 cryptography in an existing deployment, you can use the Password Security Migration Tool to ensure that all client and tech account passwords are migrated to FIPS 140-2 cryptography.

See the tooltip for more information.