Last Friday we announced the beta build of Thinfinity VirtualUI v2. We are excited about this new version because it includes several new major features that take VirtualUI to a new level of virtualization and integration.
In this opportunity, we will learn how End-User Authentication works in VirtualUI web-enabled applications.
How to Protect Your Published Apps
Thinfinity VirtualUI allows you to protect the published applications by applying Active Directory (AD) objects to each one of them. To be able to see and execute an application in the Thinfinity VirtualUI environment, either the application must have anonymous access or the end-user must provide credentials that satisfy the AD objects assigned to that application.
Thinfinity VirtualUI lets you activate one or more end-user authentication methods, allowing for the mapping of credentials to AD objects, which in turn will grant access to the applications that had the same AD objects applied. Also, the end-user identification is passed on to the application in order to allow a Single Sign-On.
Thinfinity VirtualUI allows developers to specify one or more authentication methods at a time. There are two possible ways to ask for credentials:
- Using the standard Web Browser authentication dialog.
- Using a login page.
The Standard Web Browser Authentication (aka Basic Authentication) is, in the context of an HTTP/HTTPS transaction, a method for the HTTP User Agent (the Web Browser) to provide end-user credentials when a request is started. The standard Web Browser authentication dialog is provided by each Web Browser and it looks like this:
This dialog is available when you use only one of the authentication access methods that require user and password: Windows Logon, RADIUS or External DLL.
Also, you can use a login page. The login page provided (login.html) was created to dynamically show all configured authentication methods in your Thinfinity VirtualUI Server. Every login option will be present only if the proper authentication method is configured.
For example, if only the ‘Windows Logon’ method is configured, the page will look like this:
But if you enable all predefined methods, your login will show something like this:
You can modify or replace the provided login page to adapt it to your branding and/or integration needs.
Processing end-user credentials
Each published application without anonymous access requires the assignment of one or more Active Directory objects which define the users that can see and execute it.
Thinfinity VirtualUI implements a mapping mechanism to transform end-user credentials to AD objects. Only applications that match these AD objects will be granted access to the end-user.
When you enable an authentication method, you must add the mapping rules that will allow you to link the user ID with an AD object. This is done by specifying an external user ID mask and its linked AD objects.
Depending on the selected authentication method, Thinfinity VirtualUI uses the identification provided provided by the user to scan the mapping rule list and obtains the associated AD objects. If the matching process returns one or more AD objects, all applications with the same AD object are enabled to be seen and accessed by the end-user.
End-User Authentication Methods
Thinfinity VirtualUI allows you to authenticate users through the following authentication methods:
This option enables Active Directory credentials. This method is enabled by default.
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol and software that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who remotely connect to a network service, in this case the Thinfinity VirtualUI Server.
OAuth 2.0 (or OAuth/2) is an open standard for authorization and authentication, commonly used as a way for Internet users to log into third party websites using their social network (Facebook, Google, LinkedIn, etc.) account without exposing their password.
A custom authentication method implemented by you or a third party with our authentication API and referenced in the Thinfinity VirtualUI server.
All these methods will be enabled and configured in the Thinfinity VirtualUI Server Manager.
This new Authentication Scheme is only one of the Thinfinity VirtualUI v2 new features.
We’ll continue sharing with you the new concept and capabilities of our products. Stay tuned!