Changes

HowTo:Integrate UBIK in an SSO Environment

779 bytes added, 13:34, 13 February 2023
/* Client */
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
* '''Set up an SSO mediator backend server to relay SSO responses to the client'''
== OIDC ==
* Set up an identity provider if necessary
* Assemble a client configuration JSON string, e.g.:
<syntaxhighlight lang="json">
{"AuthorityURL": "https://xamarinoidc----app.azurewebsites.net", "ClientID": "gnabbermobileclient", "ClientSecret": null, "RedirectURL": "oidcxamarin101:/authenticated", "Scope": "openid profile", "IsPivotEnabled": "false"}
</syntaxhighlight>
* Integrate client configuration in profile:
<syntaxhighlight lang="xml">
<InternalSSOSettings>
<EnableSSO>true</EnableSSO>
<SSOConfiguration>
...
</SSOConfiguration>
<SSOProtocol>OIDC</SSOProtocol>
</InternalSSOSettings>
</syntaxhighlight>
== SAML ==
* Set up an identity provider if necessary
* Set up an SSO mediator backend server to relay SSO responses to the client
<blockquote>To set up an Authentication Mediator Server, first go to http://release.augmensys.com/ and download the provided ZIP file.
After you have downloaded the ZIP file, create a new IIS application (https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/application/).
Open the newly created app in your file explorer, unpack the downloaded ZIP file and copy all of its files into the app folder.
If IIS prevents you from copying the files, stop the server first. After copying the files successfully, start the IIS server again.
The Authentication Backend is now set up and ready to use.
</blockquote>
* Assemble a client configuration JSON string, e.g.:
<syntaxhighlight lang="json">
{"AuthUser": "user", "AuthUserPw": "test", "BackendURL": "https://ubik.test.com/UBIK/DEV/AUTH_SERVICE/", "IdpURL": "https://idp.com/idpssoinit?metaAlias=ubik;spEntityID=ubik", "IdpLogoutURL": "", "IsPivotEnabled": false, "Env_Broadcast" : null, "Env_Data": null}
</syntaxhighlight>
* Integrate client configuration in profile:
<syntaxhighlight lang="xml">
<InternalSSOSettings>
<EnableSSO>true</EnableSSO>
<SSOConfiguration>
...
</SSOConfiguration>
<SSOProtocol>SAML</SSOProtocol>
</InternalSSOSettings>
</syntaxhighlight>
* '''Configure the SSO profile settings respectively'''
 
----
The Single-Sign-On implementation introduces three new Profile Settings needed to set up SSO in your environment, namely:
* <EnableSSO>true/false</EnableSSO> This setting, if set to "true", enables the SSO workflow and disables the possibility to authenticate against the UBIK backend.
* <BackendURL>https://www.backendurl.com/*/AuthenticationServer/</BackendURL> This setting defines the main URL of the Authentication Backend.
* <IdpURL>https://www.IDP.com/</IdpURL> The IdpURL setting tells the client which identity provider to authenticate against.
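A pre-flight check for the "assemble a client configuration JSON string" and "integrate client configuration in profile" steps above, as an added example that is not part of UBIK or of the original page. It assumes that the JSON string is placed as the text of the SSOConfiguration element and that the key lists in the two samples are complete; check_sso_config and profile_fragment are hypothetical helper names.

```python
import json
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# Key sets copied from the two sample configurations on this page (assumed complete).
EXPECTED_KEYS = {
    "OIDC": {"AuthorityURL", "ClientID", "ClientSecret", "RedirectURL", "Scope",
             "IsPivotEnabled"},
    "SAML": {"AuthUser", "AuthUserPw", "BackendURL", "IdpURL", "IdpLogoutURL",
             "IsPivotEnabled", "Env_Broadcast", "Env_Data"},
}
# Network endpoints; RedirectURL is a custom app scheme in the sample, so it is excluded.
HTTPS_KEYS = {"AuthorityURL", "BackendURL", "IdpURL", "IdpLogoutURL"}
SECRET_KEYS = {"ClientSecret", "AuthUserPw"}

def check_sso_config(protocol, raw):
    """Parse a client configuration JSON string and return (config, findings)."""
    config = json.loads(raw)  # strict JSON: raises ValueError on single quotes etc.
    if not isinstance(config, dict):
        raise ValueError("configuration must be a JSON object")
    keys, expected = set(config), EXPECTED_KEYS[protocol]
    findings = [f"missing key: {k}" for k in sorted(expected - keys)]
    findings += [f"unexpected key: {k}" for k in sorted(keys - expected)]
    for k in sorted(HTTPS_KEYS & keys):
        if config[k] and urlsplit(str(config[k])).scheme != "https":
            findings.append(f"{k} is not an https URL")
    for k in sorted(SECRET_KEYS & keys):
        if config[k]:
            findings.append(f"{k} is set: the value is stored in the client profile")
    return config, findings

def profile_fragment(protocol, raw):
    """Build the InternalSSOSettings block with the JSON XML-escaped."""
    check_sso_config(protocol, raw)  # do not emit a profile for unparsable JSON
    return ("<InternalSSOSettings>\n"
            "<EnableSSO>true</EnableSSO>\n"
            f"<SSOConfiguration>{escape(raw)}</SSOConfiguration>\n"
            f"<SSOProtocol>{protocol}</SSOProtocol>\n"
            "</InternalSSOSettings>")

if __name__ == "__main__":
    # Constructed sample: plain-http IdP, and a URL whose "&" must be escaped in XML.
    sample = ('{"AuthUser": "user", "AuthUserPw": "test", '
              '"BackendURL": "https://ubik.example/AUTH_SERVICE/", '
              '"IdpURL": "http://idp.example/sso?a=1&b=2", "IdpLogoutURL": "", '
              '"IsPivotEnabled": false, "Env_Broadcast": null, "Env_Data": null}')
    print(check_sso_config("SAML", sample)[1])
    print(profile_fragment("SAML", sample))
```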
<!-- DO NOT REMOVE THIS -->{{Template:HowTo/End}}<!-- DO NOT REMOVE THIS -->