Documentation

Security / External Authentication

The External Authenticator should work with almost anything, such as classic ASP, Java, Perl or whatever. It can only authenticate the user on the same server since it takes the session cookie information from the current PHP/.NET domain and passes them to the other runtime for example classical asp.

Step 1

Set the Authenticator to ExternalAuthenticator

$moxieManagerConfig['authenticator'] = "ExternalAuthenticator";
<add key="authenticator" value="ExternalAuthenticator" />
Step 2

Check the moxiemanager/plugins/ExternalAuthenticator folder, copy the .jsp, .asp or .php page depending on what you are integrating with. Note for .NET, these files are not shipped with the .NET version, post a ticket in the support system, and we will send you the files.

Step 3

Open up the example file you copied above, set the SECRET_KEY to something unique.

Step 4

You should modify the example file to fit your system, for example, checking a specific session for logged in user etc.

Step 5

Edit the MoxieManager config file, change the

$moxieManagerConfig['ExternalAuthenticator.secret_key'] = "someSecretKey";
<add key="ExternalAuthenticator.secret_key" value="someSecretKey" />

to the same SECRET_KEY you set above in Step 3.

Step 6

Set the

$moxieManagerConfig['ExternalAuthenticator.external_auth_url'] = "auth.asp";
<add key="ExternalAuthenticator.external_auth_url" value="auth.asp" />

in the configfile to the correct URL for the example file you copied earlier.

Please note that the auth.asp file is only an example, you will want to customize that file for whatever you are integrating with.

Also note that a remote url does not work here, it should be a relative URL, for PHP its relative from the ExternalAuthenticator folder, for .NET its relative from the root moxiemanager folder.

Step 7

Verify that the Authentication works.

Remember that the ExternalAuthenticator sets up a local session so that one will not be automatically removed if you logout.
So you might need to request a session destroy page.