11:50, 13 July 2021

Single Sign On (SSO) allows an end-user to interact with multiple services without logging in more than once.
This page shows how to integrate {{UBIK}} into such an SSO environment.
<!-- DO NOT REMOVE THIS -->{{Template:HowTo/Begin}}<!-- DO NOT REMOVE THIS -->
= Instructions =
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
There are two major use-cases for SSO:
* Authentication: Establishing or re-using an SSO session (logging in)
* Authorization: Interaction with external systems (interfacing)
In order to configure {{UBIK}} for SSO integration, we need to address both.
== Authentication ==
* In the UBIK client profile, adjust the SSO-relevant settings (enabling SSO and specifying the Identity Provider Endpoint URL for an IdP-initiated flow).
* On the server side, make sure that an SSO Processor is configured that is able to process the responses from the Identity Provider.
== Authorization ==
When a UBIK object is synchronized between client and server, the {{UBIK}} customizing can interact with external systems. These systems might require authorization, so we need to make sure the client provides a corresponding token. In order to do so, we have to identify the specific authorization use-cases:
* For which types of objects (meta classes) do I need to interact with external systems, requiring SSO authorization?
* For which synchronization operations (e.g., update, commit, create, etc.) do I need authorization?
* Which IdP endpoint is used in this case?
For each resulting combination we have to create an [[SYSCLS_EXTERNALAUTHCONFIG|External Auth Config]] object and give it to the client in the infrastructure list.
= Studio =
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
TBD
= Client =
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
TBD
<!-- DO NOT REMOVE THIS -->{{Template:HowTo/End}}<!-- DO NOT REMOVE THIS -->
==See also==
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
[[Category:How-To]]
[[Category:How-To|Integrate UBIK in an SSO Environment]]