Changes
= Instructions =
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
The customer's Identity Provider must know {{{UBIK}}} as a Service Provider. We need to provide an SSO mediator server in order to relay SSO responses for the client; this is our ACS (Assertion Consumer Service).
There are two major use-cases for SSO:
== Authorization ==
When a {{{UBIK }}} object is synchronized between client and server, the {{{UBIK}}} customizing can interact with external systems. There, we might require authorization, and we need to make sure the client provides a respective token. In order to do so, we have to identify the specific authorization use-cases:
* For which types of objects (meta classes) do I need to interact with external systems, requiring SSO authorization?
* For which synchronization operations (e.g., update, commit, create, etc.) do I need authorization?
For each resulting combination we have to create an [[SYSCLS_EXTERNALAUTHCONFIG|External Auth Config]] object and give it to the client in the infrastructure list.
Further, we have to make sure the authorization tokens can be transported to the server. Therefore, add the [[Category:How-ToSYSCLS_EXTERNALENTITY|Integrate UBIK in an SSO EnvironmentExternal Entity Classification]]to all meta classes of objects that need external authorization.
= Studio =
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
= Client =
<Give step-by-step instructions, use images, ...>
<!-- DO NOT REMOVE THIS -->{{Template:HowTo/End}}<!-- DO NOT REMOVE THIS -->
==See also==
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
* [[SYSCLS_EXTERNALAUTHCONFIG|External Auth Config Classification (SSO)]]* [[Category:How-ToSYSCLS_EXTERNALENTITY|External Entity Classification (SSO)]]
[[Category:How-To|Integrate UBIK in an SSO Environment]]
