Build.One Documentation
Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

 

 

Available authentication methods:

AkiomaUser

Front-end - Back-end interaction:

Basic hybridRealm authentication. The PASOE validates the provided credentials (username & password) directly, using the ISwatAuthenticationService.

 

ActiveDirectory

Front-end - Back-end interaction:

 

Note: node-main is hidden from the client.

 

In order to use ActiveDirectory authentication, the following configuration settings must be present in pasoe-config.xml / OEPAS_config.xml:

  • ssoAuthenticationURI - node-main access-point for AD authentication - takes username, password 
  • ssoAuthenticationCheckURI - node-main access-point for checking if a valid SSO session was created, for verifying if the AD authentication was successful.
  • ssoAuthenticationSecretKey - OPTIONAL - secret key known by PASOE and node-main that is passed in the requests to node-main. Provides additional validation that the requests are done from a trusted source (PASOE).

Example:

pasoe-config.xml / OEPAS_config.xml
	<AllowedAuthentication>ActiveDirectory</AllowedAuthentication>
	<ssoAuthenticationURI>http://localhost:8888/auth/ad/login</ssoAuthenticationURI>
	<ssoAuthenticationCheckURI>http://localhost:8888/auth/ad/sessions</ssoAuthenticationCheckURI>
	<ssoAuthenticationSecretKey>12345678901</ssoAuthenticationSecretKey><!-- OPTIONAL -->

 

AzureActiveDirectory

TBD by Sergiu MorarSebastian Lucaciu

 

Security settings:

Enable/Disable authentication methods

In order to use the existing AkiomaUser and/or ActiveDirectory authentication/s, the <AllowedAuthentication> property must be present in the pasoe-config.xml / OEPAS_config.xml configuration file.

The AllowedAuthentication property is a comma separated list, containing enabled authentication methods. Default value is "AkiomaUser".

 

Example:

pasoe_config.xml / OEPAS_config.xml
<AllowedAuthentication>AkiomaUser,ActiveDirectory</AllowedAuthentication>

 

The property is checked, during the authentication processes, if the current authentication is allowed.

Example for AkiomaUser check:

CheckIsAllowedAkiomaUserAuth
    METHOD PROTECTED VOID CheckIsAllowedAkiomaUserAuth():
        IF LOOKUP("AkiomaUser", SessionManager:AllowedAuthentication) EQ 0 THEN
            UNDO, THROW NEW Exception("AkiomaUser authentication is disabled!", 1).
    END METHOD.

 



 

  • No labels