- Create a Security: CAS or Security: Generic Component
- Insert applicable security information (NetID, OrgID, or IP for a CAS component, or custom usernames and passwords for a Generic component)
- Make a new page within the Structure Group you want to secure, ensure the Page Template is XML and the File name is "security"
- Publish the page, then refresh the security cache by visiting the page in your browser.
Security can be used on YSM sites to restrict access to an entire site or one particular directory, or structure group, of a site. Using CAS, the Yale University login system, access can be limited to only certain NetID's, only Yale employees affiliated with a chosen organization or set of orgs, or any combination of those three parameters.
Alternatively, you can use the Generic security option. This allows you to create a custom username and password that users will need to enter the secured portion of your site. You can create just one custom username and password or multiple possible entries that will grant access, whatever best suits your needs.
In either case, be sure to follow the "Applying Security to A Structure Group" instructions after creating the "CAS" or "Generic" component.
The “Security: CAS” Schema
- Under “Allow the following group’s access” select a Security Type. The options are NetID, Org ID, and/or IP.
- Based on your selections insert the corresponding information in the Values field. For example, if you selected NetID insert comma separated NetID’s, if you are using OrgID’s insert comma separated OrgID’s, and the same method for IP address.
- NetID's and OrgID's can be found in the Yale Phonebook (you'll need to log in with CAS). IP addresses will have to be obtained from your business manager or ITS contact.
- If you will be using multiple Security Types within this single Security component it is crucial to use the furthest left green radio button to make an additional field for your other values.
- Once you've finished inserting your Security Types and coordinating Values click Save & Close in the Home tab. The component is ready to be inserted onto a page in your root folder.
- In the component presentations tab of your page, click Insert. Your Building Blocks folder will pop up, select the component you created, and in the Component Template drop down menu to the right, the Security: CAS Component Template should automatically be selected. Hit save and close, and your ready to publish.
The “Security: Generic” Schema
- Beneath "Enter a generic username and password:” Fill in Generic Username and Generic Password. These fields can contain any username and password of your choosing.
- If you would like to allow more than one custom username and password that can access the secured folder, click the green add button to add a second set of fields. You can add as many username and password pairs as you like.
- Once you've finished inserting your username(s) and password(s) and click Save & Close in the Home tab.
- In the component presentations tab of your page, click Insert. Your Building Blocks folder will pop up, select the component you created, and in the Component Template drop down menu to the right, the Security: Generic Component Template should automatically be selected. Hit save and close, and your ready to publish.
Applying Security to A Structure Group/Directory
- Within the Structure Group you would like to secure, create a new page.
- The Name of this new page should be "Security," and File Namemust be "security" (lowercase, no spaces).
- Below Page Template, uncheck Inherit from Parent.
- Then, select XML from the Page Template dropdown.
- In the Component Presentations tab of your page, click Insert. Your Building Blocks folder will pop up, select the security component you just created.
- Click Save & Close, then publish the page.
- In order to activate the security, after the page has successfully published, you must visit the page to refresh the security cache. To do so:
- Using the browser of your choice, navigate to a page on your site that's within the same structure group as the security page you created (one of the pages you're trying to limit access to).
- In the address bar of your browser, remove the page file name from the end of the URL (all the text after the last backslash (/), for example the most common page file name is "index.aspx").
- In place of the old page name, type security.xml, then press Enter on your keyboard.
- You should then see a screen that reads Security Cache Refreshed. The security is now active, the best way to test it is to completely close your browser, then navigate back to the secured page.
- Note: You will see the "Security Cache Refreshed" message on any URL you visit that ends in "security.xml," even if you enter an incorrect URL. So be sure to test your security after implementing to ensure you visited the correct page.