Changes
/* Interfacing */
* On the server side, make sure that an SSO Processor is configured able to process the responses from the IdP. Also, the processor can be customized for managing the login in greater detail and according to the project's requirements.
== Interfacing with SSO ==When a {{UBIK}} object is synchronized between client and server, the {{UBIK}} customizing can interact with external systems. There, we might require authorizationauthentication, and we need the user to provide a respective token so we can act on their behalf. In order to do so, we have to identify clarify the specific authorization use-casesfollowing details:* For which types of objects (meta classes) do I need to interact with external systems, requiring SSO authorizationauthentication?* For which synchronization operations (e.g., update, commit, create, etc.) do I need authorizationauthentication?
* Which SSO client configurations (identity provider base URL, scopes, etc. - see "login") are used in this case?
For each resulting combination we have to create an [[SYSCLS_EXTERNALAUTHCONFIG|External Auth Config]] object and give it to the client in the infrastructure list.
Further, we have to make sure the authorization authentication tokens can be transported to the server. Therefore, add the [[SYSCLS_EXTERNALENTITY|External Entity Classification]] to all meta classes of objects that need external authorizationauthentication.
With this, the {{UBIK}} session in the web service's {{UBIK}} Environment is tagged with the SSO token, and the customizing code can use it to interact with 3rd party systems.
[[Category:How-To|Integrate UBIK in an SSO Environment]]
[[Category:SSO|Integrate UBIK in an SSO Environment]]
[[Category:Version 3.6|Integrate UBIK in an SSO Environment]]
= Studio =
