* Customize your UBIK Context, overriding the method "GetSSOProcessor" so it returns an instance of the authentication processor:
'''OIDC:''' In the case of a periodic rolling of the signing key, use the DynamicOIDCProcessor which fetches the JWKS automatically via the base URL of the chosen OIDC Provider: <syntaxhighlight lang="csharp">public override UBIK.Kernel.SSO.ISSOProcessor GetSSOProcessor(System.String token){ if (this.Name == "MyContextName") { string authorityBaseUrl = "..."; return new UBIK.SSO.OIDCProcessor.DynamicOIDCProcessorExt(Environment, token, authorityBaseUrl); } return base.GetSSOProcessor(token);}</syntaxhighlight>Instead of "..." you will need to insert the correct URL from your OIDC Provider where the JWKS should originate from. If the JWKS does not roll periodically:
<syntaxhighlight lang="csharp">
public override UBIK.Kernel.SSO.ISSOProcessor GetSSOProcessor(System.String token)
You will need to insert the correct jwks from your OIDC Provider instead of "...".
'''SAML:'''
<syntaxhighlight lang="csharp">
public override UBIK.Kernel.SSO.ISSOProcessor GetSSOProcessor(System.String token)
An external auth config object specifies for which meta class and sync action (e.g., when uploading instruction documents), which SSO configuration should be used. The result of a correct configuration will be, that the client sends an SSO token to the server when performing the sync action for an instance of the meta class. On the server side, you can use that token to interact with the external system. This only works if there is a scope with the external entity classification for that meta class, because it provides the means to transport the token.
[[Category:How-To|Integrate UBIK in an SSO Environment]][[Category:SSO|Integrate UBIK in an SSO Environment]][[Category:Version 3.6|Integrate UBIK in an SSO Environment]]
= Client =