Single Sign On (SSO) allows an end-user to interact with multiple services without logging in more than once.
This page shows how to integrate UBIK® into such an SSO environment.
Instructions
There are two major use-cases for SSO:
- Authentication: Establishing or re-using an SSO session (logging in)
- Authorization: Interaction with external systems (interfacing)
In order to configure UBIK® for SSO integration, we need to address both.
Authentication
- In the UBIK client profile, adjust the SSO-relevant settings (enabling SSO and specifying the Identity Provider Endpoint URL for an IdP-initiated flow).
- On the server side, make sure that an SSO Processor is configured that is able to process the responses from the Identity Provider.
Authorization
When a UBIK object is synchronized between client and server, the UBIK® customizing can interact with external systems. Those systems might require authorization, so we need to make sure the client provides the corresponding token. To do so, we have to identify the specific authorization use-cases:
- For which types of objects (meta classes) do I need to interact with external systems, requiring SSO authorization?
- For which synchronization operations (e.g., update, commit, create, etc.) do I need authorization?
- Which IdP endpoint is used in this case?
For each resulting combination we have to create an External Auth Config object and give it to the client in the infrastructure list.
Studio
TBD
Client
TBD