Difference between revisions of "HowTo:Integrate UBIK in an SSO Environment"
m (→Interfacing) |
(→Interfacing) |
||
Line 143: | Line 143: | ||
* Add the [[SYSCLS_EXTERNALENTITY|External Entity Classification]] to all affected meta class scopes | * Add the [[SYSCLS_EXTERNALENTITY|External Entity Classification]] to all affected meta class scopes | ||
− | An external auth config object specifies for which meta class and sync action (e.g., when uploading instruction documents), which SSO configuration should be used. The result of a correct configuration will be | + | An external auth config object specifies for which meta class and sync action (e.g., when uploading instruction documents), which SSO configuration should be used. The result of a correct configuration will be that the client sends an SSO token to the server when performing the sync action for an instance of the meta class. On the server side, you can use that token to interact with the external system. This only works if there is a scope with the external entity classification for that meta class, because it provides the means to transport the token. |
+ | |||
+ | Here's how the SSO token can be retrieved by the server side customizing (only when executed by the web service that received the content though, for security reasons): | ||
+ | <syntaxhighlight lang="csharp"> | ||
+ | public string GetOIDCToken(UBIKSession session, BaseClass c, UBIK.Kernel.Classification.SSO.IOOperation op) | ||
+ | { | ||
+ | UBIKKernel.LogDebugOutput(MethodBase.GetCurrentMethod(), 1234, $"Getting OIDC Token", this); | ||
+ | UBIK.Kernel.Classification.SSO.SSOCacheKey key = new UBIK.Kernel.Classification.SSO.SSOCacheKey(op, c.ClassID); | ||
+ | if (session.Tags.TryRetrieveTag(key, out object tag)) | ||
+ | { | ||
+ | string oidcToken = tag as string; | ||
+ | return oidcToken; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | UBIKKernel.LogDebugOutput(MethodBase.GetCurrentMethod(), 1234, "No OIDC token found in session " + session.ID + " for ioOperation " + op + " and class ID " + c.ClassID, this); | ||
+ | } | ||
+ | return null; | ||
+ | } | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | [[Category:How-To|Integrate UBIK in an SSO Environment]] | ||
+ | [[Category:SSO|Integrate UBIK in an SSO Environment]] | ||
+ | [[Category:Version 3.6|Integrate UBIK in an SSO Environment]] | ||
= Client = | = Client = |
Revision as of 07:40, 21 March 2024
Single Sign-On (SSO) allows an end-user to interact with multiple services without logging in more than once.
This page shows how to integrate UBIK® into such an SSO environment.