Configure the authentication settings

The Authentication settings allow you to configure the authentication methods used to access Web Help Desk.

If you plan to install FIPS 140-2 compliant cryptography in your deployment, use the Password Security Migration Tool to encrypt all client and tech account passwords to FIPS 140-2 cryptography prior to activation. The migration tool invalidates all stored client and tech passwords that use a weaker cryptography standard.

All techs who did not log in to Web Help Desk before their planned migration date will not be able to log in. To enable techs to recover their password, select Web Help Desk as the Authentication Method and select the Show Forgot Password Button checkbox.

Configure the authentication method and settings

  1. In the toolbar, click Setup and select General > Authentication.
  2. Complete the fields and selections in the top portion of the screen as required, then click Save.

    See Customize tickets, notes, instructions, and emails with BBCode for details about customizing your Login Message field text.

The following table describes the authentication methods you can select in the screen.

Authentication method Description
Web Help Desk Authenticates the user with the user name and password. User names and passwords are pulled from the Web Help Desk database or imported from Active Directory or LDAP connections.
SAML 2.0
(Security Assertion Markup Language)

An XML protocol that provides authentication from an Identity Provider (IdP) to a Service Provider (SP).

See Deploy SSO with SAML Using AD FS for information about configuring SAML with AD FS for Web Help Desk.

AD FS must be configured separately to integrate with Web Help Desk. See the AD FS 2.0 step-by-step and how-to guides at the Microsoft TechNet website for more information.

CAS 2.0
(Central Authentication Service)

Uses a single sign on (SSO) service URL to authenticate the user provided by Web Help Desk. The CAS server sends the user back to Web Help Desk and attaches a "ticket" to the Web Help Desk URL. Web Help Desk submits the ticket to the CAS validate URL to obtain the user name of the authenticated user.

See Deploy SSO with CAS 2.0 for information on how to set up CAS 2.0 on your Web Help Desk Tomcat server.

Servlet Authentication
(for Apache Tomcat installations)

Provides the authenticated user name to Web applications using the HttpServletRequest.getRemoteUser() method.

You can use Windows Authentication Framework Light Edition (WAFFLE) at your own risk for Web Help Desk servlet authentication. SolarWinds does not support this method of SSO.

For information about configuring WAFFLE, see Servlet Single Sign On Security Filter at the GitHub website. For additional information, see the SolarWinds Thwack website and the SolarWinds KB article titled WAFFLE Servlet Authentication Configuration Steps.

HTTP Header Uses Web servers (such as the Apache HTTP Server) to forward externally authenticated user information using HTTP headers.
HTTP Form Value Forwards the authenticated user name through an HTTP name/value pair instead of an HTTP header.

Encrypt passwords using the Password Security Migration Tool

If you install FIPS 140-2 cryptography in an existing deployment, you can use the Password Security Migration Tool to ensure that all client and tech account passwords are migrated to FIPS 140-2 cryptography.

See the tooltip for more information.