Overview

The Login Page is presented to users when accessing the ARTS web interface prior to login, when their session or password has expired, or when the system has been placed into suspended mode by the administrator for maintenance. Apart from the login controls, an About ARTS link is available in the grey status bar below the graphical header. Clicking on this link opens a popup displaying a short overview of what ARTS is and does, and provides a mail-to link to the administrator allowing users to request new accounts.

The system standard administrative information is printed at the bottom of every page indicating the ARTS installation name, the currently running software release, the administrator link (on the login page dots and @-signs are obfuscated to prevent automated email-harvesting), time taken by the server to generate the page, browser support information and finally a link to the ESA website.

Login

The user logs into the system by entering login name and password in the text input fields provided, then selects the Login button. On successful login, users are presented with their Home Page.

If incorrect or outdated data is entered, or the system is in a maintenance state, an appropriate error message will be displayed.

In the case of new accounts, expired or forgotten passwords the Reset Password procedure should be initiated, for details see below.

Users not registered with ARTS can request an account by opening the About page and selecting the adminstrator link therein.

ESA Login

Since ARTS version 7.4.0 the application supports single sign on (SSO) for ESA staff. Every user that has a valid ESAAD account (typically users with a "...@esa.int" email address) can access ARTS using the ESA active directory federation service (ADFS).

The user clicks on the ESA login button and is redirected to the ESA ADFS page. There are two scenarios:

• If the user is already logged in with ESA SSO, then ADFS redirects back to ARTS directly without the user noticing. The user is greeted with a valid session.
• If the user is not logged in the ADFS presents a login screen. Using standard ESA credentials the user can login and if successful is redirected back to ARTS. The user is presented with a valid session.

Access to the ESA active directory is only granted if the user is also connected to the VPN. Every user needs to login to the VPN first to be able to utilize the single sign on feature.

ESA users cannot manage their account (e.g. change password) within the ARTS application.

ESA users that have not yet been using ARTS before get a new account created upon their first login. In a cluster setup this has to occur on the cluster-master. The created account does not have access rights or project affiliation set.

ARTS users that have been using their "@esa.int" email address for their ARTS account have automatically been setup to use the ESAAD single sign on. ARTS users that have NOT been using their "@esa.int" email address for their ARTS account are required to still use their ARTS username and password to login.

Public Login

Optionally, the administrator can enable a 'public' account. If configured, this allows users to login using the special public login without password. In order to filter out automated bot access, a so-called CAPTCHA challenge is presented to the user - a simple question and answer challenge that serves to differentiate between human and automated users. Obviously the ARTS features available to this account have been heavily restricted, users are furnished with read-only access to a set of projects restricted by the administrator.

Reset Password

The Reset Password feature is intended to be used for:

• Initial setting of passwords for new user accounts
• Re-setting of passwords where user passwords have expired
• Recovery where users have forgotten existing passwords

In any of the above cases the Reset Password button should be clicked. This changes the fields presented. The user enters either a login name or email address, then clicks on the Send Mail button. This will trigger a mail to be sent to the email address stored for the user with the supplied login name (or to the email address provided). The email will contain a verification link which is only valid for a limited period of time (typically 30 minutes, but this can be altered by the administrator). This link should be clicked or pasted into a browser url frame. Note this must be done from the same IP address and browser from which the Reset Password request eminated.

Having loaded the page from the verification link, the user is prompted to enter a new password and confirmation with minimum password strength criteria as described in the User Profile section. On success this will store the new password and the user is redirected to the login page, where the new password can be used to login in the usual fashion.