When you start developing a new module it has the built-in logic for end-user authentication. OutSystems comes with three distinct authentication modes: Internal, Active Directory, and LDAP.
- The default authentication mode. The end-user information is stored in the OutSystems database. The credentials are not stored, but a cryptographic hash function is computed using the credentials and only its result is stored. When the end-user attempts to logs in, the hash function is computed again and its result is compared with what is in the database.
- Active Directory
- Uses your Active Directory to authenticate the end-users.
- Authenticates the end-user against your LDAP server. At the moment OutSystems supports only the LDAP end-user authentication against Active Directory.
When the end-user uses the application for the first time and the accessed screen allows only authenticated end-users to see it, a security exception is raised. OutSystems will do the following:
If the platform is configured to use Windows Integrated Authentication and the end-user is inside the internal network, the end-user is authenticated using Windows Integrated authentication. Once the end-user makes a request, the server replies with an HTTP 401 status, signaling to the end-user browser that authentication is required. If the browser already has the end-user credentials stored, it automatically sends the credentials to the web server. Otherwise, the browser displays a form for the end-user to input the credentials and sends them to the server. This means that even if you have a custom Login page, the end-user will not see it.
If the platform is not configured to use Windows Integrated Authentication, the end-user is redirected to a Login screen. When the end-user submits the credentials,
- The credentials are validated against the OutSystems database.
- If the platform is configured to authenticate using Active Directory, the credentials are validated against the configured domain server.
- If the platform is configured to authenticate using LDAP the credentials are validated against the Active Directory LDAP server configured. External LDAP is currently not supported for the end-user authentication.
If after this process the end-user could not be authenticated, then an "Invalid Login" message is displayed to the end-user.
Articles in this Section
- Configuring End-User Authentication
- Learn how to configure the end-user authentication for internal authentication, Active Directory or Active Directory with LDAP.
- Integrated Authentication
- Learn more about Integrated Windows Authentication in OutSystems.
- Persistent Login
- Learn more about persistent login, to enable end-users not having to log in every time after their first successful login.
- Single Sign-On
- Lear more about Single Sign-On, and how the end-users can authenticate to all applications at once.