Step 3 – LDAP Authentication
Unlike pure LDAP login, SchoolBooking is not sent the users full credentials i.e. username and password but instead a token. This means that unlike standard LDAP logins we have no username or password to be able to offer your servers to begin a query against your LDAP directory.
This means you will need to setup an account we can use to query your LDAP as users logon. This account does not need any high level permission, it can be quite restricted, but we suggest you test limiting this once all is working.
Step 4 – SSO Detection
Most of our sites allow their users to use SchoolBooking within the network but also at home. This could cause some problems as SchoolBooking won’t automatically know when to be looking for an SSO token or when to be asking for credentials manually.
We have two ways around this issue.
1 – SchoolBooking can detect the public facing IP address is of anyone browsing the internet from your organisation. If this address is added into SchoolBooking we will then initiate SSO upon seeing this IP Address and if we don’t see it, we will revert back to asking for the user to type their credentials in manually.
We allow you to enter a range when specifying your Public IP as you may have more than one externally facing IP address (ask your broadband provider for more details)
If you want to force SSO continuously no matter what address the user is coming from Type ALL in both the From and To boxes. SchoolBooking will then initiate the SSO on every visit no matter where the client is. The problem of this is when a user is outside of your domain and accesses SchoolBooking the script specified in Step 1 will be requested, and as your webserver doesn’t know who the user is it will display a very standard Windows Login prompt without much detail, this may confuse the user.
Another way of initiating SSO from within your network is to leave the address range blank and simply roll out a SSO shortcut (shown at the bottom of Step 4). This Shortcut should again only be used within your network so when users are at home they use a regular SchoolBooking website / shortcut otherwise they will again be faced with a windows logon dialogue box.
Step 5 – Enable / Disable
All should now be in place for you to enable SSO for your site. We recommend you make a copy of the web address at the bottom of step 5, this is a manual way of avoiding SSO and will be needed if you want to log back into SchoolBooking with a local SchoolBooking account such as Admin rather than your SSO account.