Other Settings tab, you configure optional
authentication settings that apply to the options that you selected on the
The following options are available:
- Re-authenticate from outside URL
Select this check box if you want to require users to
re-authenticate after leaving the system and visiting another Web site. For
example, a user logs in to
SBM, and then visits http://www.MyFavoritePage.com. If the user
then tries to use the
back button to return to
SBM, the user
is prompted to log in again.
- This also applies to pages within
SBM if users enter an
SBM URL directly into the address box or if users click the
Refresh button on the browser. However, if users click a
link or button on an
SBM page that takes them to another
SBM URL, they will not have to log in again.
- This setting cannot be used in combination with the
Single Sign-On (SSO),
Windows Authentication, or HTTP Basic Authentication session management options
because these methods gather user credentials differently. You must use either
passwords or LDAP authentication with
Session Cookies for re-authentication to occur. (SBM
Session Cookies are required because this is how user credentials are
gathered for the re-authentication process).
- If you are using LDAP authentication, users are automatically
logged back in to
SBM when the
Re-authenticate from outside URL option is
selected; however, the
User session time-out setting can be
configured to force users to re-authenticate if they have not actively used the
system for a specified number of minutes.
- Disable users after failed login attempts
Select this check box to disable accounts of users who fail to
correctly authenticate after a specified number of login attempts. Set the
number of login attempts between 1 and 10. After users exceed this number of
attempts, their accounts are disabled and must be re-enabled by an
- User accounts can be re-enabled in
SBM Application Administrator.
- This feature is only available if users are validated against the
database or LDAP.
- External Access
If you want users to access
logging in to your network domain, or if they are not stored in LDAP, enter the
name of an application in IIS that uses anonymous authentication in the
External Virtual Directory Name box. You will need to manually
create this application in IIS, and ensure that it can execute ISAPI extensions
(enabled via Handler Mappings in IIS 7).
Note: If you add an external application in
IIS, you must manually configure the application's native modules and select
ModSecurity IIS module to enable the same level
of threat detection and prevention that is configured on the default
- You must add the following MIME types to the new application that
you create in IIS:
- File name extension: .properties | MIME type: text/plain
- File name extension: .woff | MIME type:
- File name extension: .appcache | MIME type:
- If users are validated against your Windows Domain, this option
sets up two authentication methods for your system:
Windows Domain (NTCR) for internal users and
Database authentication for other users.
- If users are validated against LDAP, this option sets up two
authentication methods for your system:
LDAP authentication and
Database for non-LDAP users.
- If you plan to use the e-mail response feature in
Windows Domain (NTCR) authentication, you must specify an
application in IIS with anonymous authentication here. For more information,
Notification Server Options.
- Select the check box in this section to restrict access so that
only external users can access
this anonymous application. External users are authenticated with their
which must be at least six characters in length.
For details, refer to the "How to Use Anonymous
Authentication for External Users While Using Challenge/Response" document at
Note: You configure external access for users, not administrators or
is not accessible externally, which means administrators cannot log in to
or access the repository using
from outside the domain; however,
SBM Application Administrator
can be accessed externally for administrators who need to manage users and
Copyright © 2007–2016 Serena Software, Inc. All rights reserved.