Auto logon option setup
Auto logon allows staff users who are already logged on to the Microsoft compatible network in which your RefTracker system is installed, or who have a fixed IP address, to access RefTracker without having to specifically sign in to RefTracker. It can also be used in conjunction with a single signon system. The Auto logon options are usually only applicable to in-house installed RefTracker customers, particularly those that are security conscious.
Your system is distributed with the Auto logon option turned off. You need to decide whether you will use it in your installation, and set it up if you choose to use it.
This feature facilitates easy movement in and out of RefTracker during a working day for those staff who usually use RefTracker at the same computer. See the details of the “Remember me” staff cookie logon option for another way that the logon screen can be prevented from displaying for your staff.
Once turned on, Auto logon can be activated, or not, for each individual staff signon. Auto logon is particularly effective for those staff who rely on staff emails to go into RefTracker as required, but it may be regarded as a security issue by others, so it's your choice as to whether you implement it. Your staff still use a RefTracker licence when they log in, but the log in page is no longer presented to them because the information about who they are is automatically detected by RefTracker.
However, this same Auto logon feature also facilitates the use of access control programs such as SiteMinder and Tivoli WebSeal, and so can be of interest to sites that are particularly security conscious.
Important notes about Auto logon
1. Auto logon provides direct access into RefTracker without specifically having to sign in, in the following specific circumstances:
– when accessing RefTracker through its normal staff web name
– when accessing RefTracker directly via /reft400.asp, 410, 435, 510 and 900. If you try to log directly into any screen other than these, you will be automatically logged into reft400 i.e. the staff home page.
– when accessing RefTracker from a RefTracker staff email
2. This function is only available in systems where fixed IP addresses are used, or where Windows authentication has been turned on for the RefTracker web, so this feature cannot be used on all RefTracker systems. Note that turning Windows authentication on for the RefTracker web means that users must already be logged into your Microsoft network in order to be able to access either the RefTracker staff or client interface (if not, they will be presented with a Windows login box). This is generally only applicable in secure sites.
3. Auto logon is most appropriate for staff who always work at the same computer e.g. back room research staff.
4. You can only have one RefTracker signon associated with each Microsoft logon, or each IP address.
5. You can have some staff using Auto logon, and others not, for example, it is usually not appropriate to use Auto logon for staff manning a reference desk.
6. If you use a computer logged on to the network as someone other than yourself, or a computer with a different IP address, and both you and the person who normally uses that computer have Auto logon turned on for RefTracker, you will be logged on to RefTracker as that other user! To log on as yourself, log off RefTracker (you will be presented with the log on box) and manually log back on as yourself by supplying your normal user name and password.
7. Don’t forget that, even if you were automatically logged into RefTracker, you still need to remember to Log off whenever you are leaving RefTracker!
Setting up Auto logon
Your system is distributed with Auto logon turned off.
If you wish to turn Auto logon on you should perform ALL of the following steps:
Setup step 1: In System>Parameters, parameter 5.10, choose how you want the network logon to operate:
Authentication allows users to be logged in automatically if their ‘Network login’ matches the network login variable obtained for them, but if not, the RefTracker staff login page will be presented allowing a manual log on.
Authorisation automatically logs on users if their ‘Network login’ matches the network login variable obtained for them, and prevents access to RefTracker if no matching information is obtained from the network login variable.
Setup step 2: In System>Parameters, parameter 5.11 Auto Logon Variable, the system administrator must choose the Windows variable that will be used to authenticate user signons. The options are as follows:
REMOTE_ADDR: The IP address of the user will be derived from the authorisation header sent by the browser. This setting should be chosen if your library uses fixed IP addresses.
AUTH_USER: The name of the user will be derived from the authorisation header sent by the browser, before the user name is mapped to a Windows account. This is the most common setting when Windows authentication is in use for your reftracker web.
LOGON_USER: The Windows account that the user is impersonating while connected to your Web server will be used. Use this value if you have an authentication filter installed and you use Windows authentication on your reftracker web.
REMOTE_USER: The name of the user will be derived from the authorisation header sent by the client, before the user name is mapped to a Windows account. Use this value if your IT department indicates it is the correct value for your system and you use Windows authentication on your reftracker web.
IV_USER for Tivoli WebSeal (HTTP_IV_USER): allows authenticated users from an IBM Tivoli Access Manager WebSEAL Single-Sign-On system to have their authentication passed through to RefTracker. This means that authenticated staff are automatically logged in via an association between their TAM credential and their RefTracker sign-on in the staff ‘Network Login’ field.
Through LDAP compliance Microsoft IIS makes information about the network login in use, available in the HTTP request header of the user’s browser, under these variables.
Setup step 3: You must remove Anonymous access from your <reftrackerstaff> RefTracker web before this function will work. To do this, go to Internet Services Manager and open up the default web site. Right click on your <reftrackerstaff> webname and choose Properties. In Properties choose Directory Security, and click the Anonymous access and authentication control Edit button. Untick the Anonymous access box. Ensure that Integrated Windows authentication (under Authenticated access) is ticked, and then click on OK.
It is important that RefTracker is restarted at this point. The parameter changes that you have made here will not be implemented until the system is restarted.
Setup step 4: For each staff user that you would like to use Auto logon, amend their System>Users – full user maintenance screen (or My preferences) to include the user’s unique Network logon details, or their unique IP address, in the “Network login” field. The “Network login” field does not show in this screen until you have turned parameter 5.10 on.
The user’s IP address can be determined by looking in RefTracker’s System>Utilities>Diagnostic tools>Server Variables screen for the REMOTE_ADDR variable, however it can only be successfully used if your library uses individual fixed IP addresses.
The user’s login details will generally look like
<networkname>\<logonname> e.g. LOCAL\SHIRLEY
You can obtain the exact text string value for this by looking in RefTracker’s System>Utilities>Diagnostic tools>Server Variables screen for the variable chosen in parameter 5.11 when signed on as that user (the user would need to be temporarily set up with Supervisor or above level privileges to see this information, and Anonymous access to the reftracker web would need to have already been turned off). Note that the Network login field does not display in the Users – full user maintenance screen (or My preferences screen) if Parameter 5.11 Auto Login Variable is set to None i.e. Auto login is not enabled.
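The outcome of setup steps 1, 2 and 4, together with notes 4 and 6 above, can be modelled in a short Python sketch. This is an added example, not RefTracker code: the function names, the signon names and the LOCAL\TOM and LOCAL\GUEST accounts are constructed, and exact string matching against the "Network login" field is an assumption.

```python
# Added illustration, not RefTracker code: a model of the Auto logon decision.
# Function names, signon names and the LOCAL\TOM account are constructed.

VARIABLES = {"REMOTE_ADDR", "AUTH_USER", "LOGON_USER", "REMOTE_USER", "HTTP_IV_USER"}

# Constructed staff table: RefTracker signon -> "Network login" field (step 4).
# An empty field means Auto logon is not activated for that signon.
STAFF = {"shirley": "LOCAL\\SHIRLEY", "tom": "LOCAL\\TOM", "refdesk": ""}


def duplicate_network_logins(staff):
    """Note 4: a network login or IP address may belong to only one signon."""
    owners = {}
    for signon, login in staff.items():
        if login:
            owners.setdefault(login, []).append(signon)
    return {login: names for login, names in owners.items() if len(names) > 1}


def auto_logon(mode, variable, server_vars, staff):
    """Return ('logged_in', signon), ('login_page', None) or ('denied', None)."""
    if mode not in ("Authentication", "Authorisation"):
        raise ValueError("parameter 5.10 must be Authentication or Authorisation")
    if variable not in VARIABLES:
        raise ValueError("parameter 5.11 must name one of the listed variables")
    if duplicate_network_logins(staff):
        raise ValueError("Network login values must be unique")
    value = server_vars.get(variable, "")
    for signon, login in staff.items():
        # Assumption: exact string comparison against the server variable.
        if login and login == value:
            return ("logged_in", signon)
    # No match: Authentication falls back to the manual login page,
    # Authorisation refuses access.
    return ("login_page", None) if mode == "Authentication" else ("denied", None)


if __name__ == "__main__":
    # Note 6: the match follows the Windows session, not the person at the keyboard.
    shared_pc = {"AUTH_USER": "LOCAL\\SHIRLEY"}
    print(auto_logon("Authentication", "AUTH_USER", shared_pc, STAFF))
    visitor = {"AUTH_USER": "LOCAL\\GUEST"}  # constructed, no matching signon
    print(auto_logon("Authentication", "AUTH_USER", visitor, STAFF))
    print(auto_logon("Authorisation", "AUTH_USER", visitor, STAFF))
```

The first call shows why Auto logon is a poor fit for shared machines: whoever uses Shirley's Windows session becomes "shirley" in RefTracker until they log off and sign in manually.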
Please do not hesitate to call your RefTracker support person if you need assistance in understanding or implementing this feature.