The <authentication> element is for configuring single sign-on authentication providers in the domain. For example, the login screen could prompt for BrainHoney username and password, and it could also accept a SAML authentication from a portal page. By default, a domain uses Local (BrainHoney) authentication.

If the SAML authentication provider is included, the SAML identity provider manifest (typically obtained from the SAML identiy provider) must be stored in the domain content area at “SAML/idp-meta.xml”. For all other providers, the detailed parameters are included in the customization.xml file. For details about the format of the "idp-meta.xml" file, please see the SAML standards documents or the documentation of your SAML Identity Provider. Note: If you change the URL to your SAML server you need to refresh the BrainHoney servers by editing the customization XML.

For other providers, the detailed parameters are included inline as documented below.

When a single sign-on provider is enabled, the default Welcome and Login screens display a simple "Login" button. Clicking the button directs the browser to the identity provider (whether SAML or CAS). In many circumstances you want to bypass that screen and go directly to the authentication provider. There are two ways to accomplish this. First is to customize the Welcome and Login pages with a JavaScript redirect to your provider's login screen. Second is to link directly to the page you want the user to see (such as the home page).
<authentication [loginprefix="string"]>
One or more of the following <provider> tags
<provider type="Local" [displayname="string"] [showlogincontrol="boolean"]/>
<provider type="SAML" [displayname="string"] [showlogincontrol="boolean"] [version="string"]/>
<provider type="CAS" [displayname="string"] [showlogincontrol="boolean"]>
CAS Server URL
authenticationloginprefixOptional override of the default login prefix. When not specified uses the current domain.
authentication / providertypeIdentifies the authentication provider type.

displaynameSpecifies the text to display next to the login screen's credential prompt for this provider. This only has an effect if multiple login providers are enabled for the same domain.

showlogincontrolControls whether a login prompt appears for this provider on the login screen. When true, the welcome and login screens display either a prompt for credentials or a login button that redirects to the authentication provider. When false, this provider will not appear on the login screen. It's very unusual to set this to false.
authentication / providerversion Controls which SAML version to use. Version 1 uses the Brainhoney SAML code. Version 2 uses the xLi Platform SAML code. Regardless of the version used, SSO will work the same. The default is version 1.
authentication / provider / server
The URL of the CAS server that should be used when authenticating users for this domain.
authentication / provider / logout
When set to true, logs the user out of the CAS server when clicking the logout link. Otherwise the user is logged out of BrainHoney only.
See Also
Domain Customization