GravityLab Multimedia Inc. Windows Media Authentication Administration Guide


Token Auth Menu

GravityLab Multimedia supports two types of authentication to accommodate customers with content that requires permission before viewing.

The first type of authentication applies when the Customer Origin is password protected at a site level or directory level. Examples are using file system user management to password-protect a website or a directory, or using .htaccess password protection within Apache. We refer to this method as Server-Based Authentication, since the web server is the point of authentication.

The second type is application-based authentication, which can control the display of content at a very granular level using tokens. We refer to this as Application-Based Authentication, since the customer application performs the authentication.

Regardless of the password protection scheme used when the file is being served from the origin, the origin server can send a header telling the edge servers to re-validate the request. This is a standard header and is constructed as follows: cache-control: must-revalidate or cache-control: proxy-revalidate.

GravityLab Token Authentication (application-based)

When a user visits and logs into a customer's web application, the application can generate and place a randomized encrypted token at the end of the URLs of objects that are delivered using the GravityLab content delivery network. Token authentication is now available for all content types, including HTTP, Windows Media and Flash Media Streaming. Please consult your Media Control Center for more information.

These tokens can be set to include any kind of information necessary for the customer's business objectives. For example, the token can contain:

- The session ID
- A user identifier
- Authorized referral link
- Length of time for the user to view the file (e.g. 24 hours)

Customers should configure their origin server to set the header for any file that requires authentication to cache-control: must-revalidate. Once a request for a file goes through the edge servers, the edge servers will send a request to the customer's Origin Server. The customer's application must check the URL being requested, parse it and extract the randomized encrypted token. If the token meets the customer's criteria, the origin can send back a 200 status header so that the edge server can deliver the requested object. If the token does not meet the desired criteria, or if the token is missing or invalid, the origin can send the 404 access denied header.

Example: In your web application you can add the following token to the end of the desired objects to be authenticated:

Token Value: IP Address
Encrypted Token: encrypt( ClientIP + rand string ) = d5qhvglbefrm

Your actual link will be similar to: http://movies.domain.com/000002/domain.com/movie.avi?sd5qhvglbefrm

The origin server would then decrypt the value d5qhvglbefrm to arrive at: ClientIP234893. Parse out the random string 234893 and send the appropriate headers to validate the request.

Creating Tokens in the Media Control Center

Users will need to access the Media Control Center to configure the Token Auth application to their desired settings. Users will need to create a secure keyphrase in the Media Control Center so the token authentication algorithm can secure the content. Users will also need to add the directories which will be protected by the Token Authentication offered by GravityLab.

Windows users can create directories from directories in either GravityLab storage or on their own origin. Users only need to specify the name of the directory; its content, as well as content within any folders under the protected directory, will be protected. Note that this behavior may vary from other GravityLab platforms.

GravityLab offers a wide variety of authentication methods to protect users' content. Tokens may be configured to check against last-modified times, end-user IP addresses and HTTP referrers. Tokens may vary by file type, so please consult the Media Control Center for the most up-to-date listing of available tokens.

Users can create individual tokens by entering the values in the appropriate box and then pressing the Generate Encrypted URL button. Users may configure their tokens with several of the available parameters for a given token. Also note that token authentication binaries are available to generate tokens programmatically. GravityLab may also offer, by request, the source code necessary for users to create their own token authentication script.

The following diagram outlines the decision tree process that occurs during authentication as well as the three different HTTP codes that can be returned by the origin server. These codes are:

200 OK
This code will be returned by the origin server if the request is authorized. The GravityLab server will go ahead and cache the file.

304 Not Modified
This code will be returned by the origin server if the request is authorized and if the file on the origin server has not been modified since it was last cached. GravityLab will then serve the content to the requestor from the cache.

403 Permission Denied
This code will be returned by the origin server if the request is not authorized. The requestor will be denied access entirely to the requested object and there will be no check of the cache for content freshness.

[Figure: Application-based authentication decision tree. Labels: User request; Content in cache?; Authenticate or public?; Edge Server to Origin: send URL + token; TTL or expired?; 403 Perm. Denied; cache-control: must-revalidate; file cached to edge servers once retrieved from origin; file delivered to client.]
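The origin-side check and the three status codes described above, as an added example (not GravityLab's code and not part of the original guide). The guide does not specify its encrypt() function, so this example substitutes an HMAC-SHA256 signed token, which authenticates the fields but does not hide them; the `token` query parameter name, the key value, and passing the end-user IP in as `client_ip` are assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, urlsplit

# Assumption: stands in for the keyphrase created in the Media Control Center.
KEYPHRASE = b"constructed-demo-keyphrase"

def make_token(client_ip, expires, key=KEYPHRASE):
    """Application side: bind the end-user IP and an expiry time into a token."""
    payload = f"{client_ip}|{expires}".encode()
    mac = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return base64.urlsafe_b64encode(payload + b"|" + mac).decode()

def check_token(token, client_ip, now, key=KEYPHRASE):
    """Origin side: True only for an intact, unexpired token issued to client_ip."""
    try:
        ip, expires, mac = base64.urlsafe_b64decode(token).decode().split("|")
        expires = int(expires)
    except ValueError:  # bad base64, bad UTF-8, wrong field count, non-numeric expiry
        return False
    good = hmac.new(key, f"{ip}|{expires}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how much of the MAC matched.
    return (hmac.compare_digest(mac.encode(), good.encode())
            and ip == client_ip and now < expires)

def origin_decision(url, client_ip, now, file_mtime, cached_mtime=None):
    """Return (status, headers) for an edge-to-origin request, per the decision tree."""
    tokens = parse_qs(urlsplit(url).query).get("token", [])  # "token" name is hypothetical
    if len(tokens) != 1 or not check_token(tokens[0], client_ip, now):
        return 403, {}  # missing, malformed, forged, expired or wrong IP
    headers = {"Cache-Control": "must-revalidate"}  # edge must re-check on every request
    if cached_mtime is not None and file_mtime <= cached_mtime:
        return 304, headers  # authorized, edge copy is still current
    return 200, headers  # authorized, edge fetches and caches the file

if __name__ == "__main__":
    # Constructed sample values: documentation IP, epoch-second timestamps.
    url = ("http://movies.domain.com/000002/domain.com/movie.avi?token="
           + make_token("203.0.113.7", 1_700_003_600))
    print(origin_decision(url, "203.0.113.7", 1_700_000_000, file_mtime=100))
    print(origin_decision(url, "198.51.100.9", 1_700_000_000, file_mtime=100))
```

The 403 branch deliberately returns before any freshness comparison, matching the guide's statement that an unauthorized request gets no cache check.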

Server based Authentication

The GravityLab edge server will pass HTTP headers back to the origin server, which allows the origin server to either accept or reject a request to download content. This process also enables the edge server to update the file if it has been modified.

[Figure: GravityLab server-based authentication flow. Labels: User request; Content in cache?; edge server requests Http://www.domain.com/movie.avi from origin; movie.avi modification?; 403 Permission Denied; 304 Not Modified; file cached to edge servers once retrieved from origin; file delivered to client.]