Configuring Laserfiche Directory Server When Enabling Single Sign-on for Laserfiche 10 and Laserfiche 11 Web Products
The following video explores how to configure Laserfiche Directory Server and the Security Token Service (or STS) on a single machine with Windows Authentication. For more information, see the documentation.
On the computer hosting the Directory Server Security Token Service (STS), open a web browser and browse to:
https://localhost/LFDSSTS/configuration
Verify that the default Directory Server host name and port are correct.
Timeout Settings
Set the maximum number of minutes a session can remain idle before the user is signed out. These settings apply to all sessions that are authenticated through the STS instance being configured.
- Default session timeout: Determines the maximum number of minutes a session can remain idle for users who did not select the This is a public computer checkbox on the sign-in page.
- Public computer session timeout: Determines the maximum number of minutes a session can remain idle for users who selected the This is a public computer checkbox on the sign-in page.
Allowed Iframe Hosts
Configure the set of allowed domains that can embed the Directory Server sign-in page in an iframe. This option is available in Laserfiche Directory Server Update 4 and later. Specify multiple domains by separating each domain with a space.
- Directory Server Update 4: When blank, Directory Server does not send the content security policy (CSP) header.
- Directory Server Update 5: When blank, Directory Server defaults to allowing only machines on the same domain as the STS to embed the sign-in page.
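To make the version-dependent behaviour of this setting concrete, here is an added Python model of it (constructed for this page, not Laserfiche's code): it parses the space-separated host list into a CSP frame-ancestors value and checks whether a given embedding origin would be allowed. The function names, the exact header text, and the use of the STS host name to stand in for "same domain as the STS" are assumptions.

```python
from typing import Optional
from urllib.parse import urlsplit


def parse_allowed_hosts(setting: str) -> list:
    """Split the space-separated Allowed Iframe Hosts value (as the page
    describes it), lower-casing entries and dropping blanks/duplicates."""
    seen, hosts = set(), []
    for host in setting.split():
        h = host.lower()
        if h not in seen:
            seen.add(h)
            hosts.append(h)
    return hosts


def csp_header(setting: str, update: int, sts_host: str) -> Optional[str]:
    """Return the CSP header value the STS would send, or None for no header.
    Update 4: blank setting -> no CSP header at all (any site may frame the page).
    Update 5+: blank setting -> only the STS's own domain (assumption: modelled
    here as the STS host name) may frame the sign-in page."""
    hosts = parse_allowed_hosts(setting)
    if not hosts:
        if update < 5:
            return None
        hosts = [sts_host.lower()]
    return "frame-ancestors " + " ".join(hosts)


def may_embed(embedder_origin: str, setting: str, update: int, sts_host: str) -> bool:
    """Would a browser enforcing frame-ancestors let embedder_origin frame the
    sign-in page?  Exact host-name match only; no scheme or wildcard handling."""
    header = csp_header(setting, update, sts_host)
    if header is None:
        return True  # no policy sent, so nothing stops another site from framing it
    allowed = header.split()[1:]
    host = (urlsplit(embedder_origin).hostname or "").lower()
    return host in allowed


if __name__ == "__main__":
    # Constructed sample values; 'sts.example.com' is the STS's own host name.
    print(csp_header("", 4, "sts.example.com"))                       # None
    print(csp_header("", 5, "sts.example.com"))                       # frame-ancestors sts.example.com
    print(may_embed("https://other.example.net", "portal.example.com", 5, "sts.example.com"))  # False
```

The Update 4 branch is the one to watch: a blank value there means the sign-in page carries no frame-ancestors restriction, whereas on Update 5 a blank value already restricts framing to the STS's domain.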
Sign-in Page Customizations
- Hide Laserfiche Authentication: Hides the Organization, Username, Password, and Sign in elements on the Directory Server sign-in page.
- Hide Windows Authentication: Hides the Windows Authentication button on the Directory Server sign-in page.
Note: If both the Hide Laserfiche Authentication checkbox and Hide Windows Authentication checkbox are selected, the Directory Server sign-in page will be an empty page if you do not have AD FS authentication or SAML authentication turned on and configured for an identity provider.
You can configure further settings for each licensing site you have on Directory Server.
- Select the Show organization drop-down list option to display a drop-down list of available organizations on the sign-in page. The drop-down list will contain organizations only if the Directory Server site is configured to display the available organizations.
- If you don't select Show organization drop-down list, or if the Directory Server licensing site is not configured to display the available organizations, the user will have to enter the name of their organization on the sign-in page.
- Select Always use Windows authentication if you want users to be automatically signed in with the Windows account they're using.
- If you clear this option, users will have to click Windows authentication on the sign-in page to sign in with the Windows account they're using. Windows authentication will not be automatic.
Note: To sign in as a different Windows user when Always use Windows Authentication is enabled, users can sign out and then type the alternate Windows credentials on the sign-in page.
- Select the organization that you want pre-selected (if you enable the organization drop-down list) or pre-entered (if you disable the drop-down list) on the sign-in page.
- Users will be able to select or enter an alternative organization if they don't want to use the default selection.
Click Update to apply your settings.