View Source

Available authentication methods:

AkiomaUser

Front-end - Back-end interaction:

Build.One Documentation > Authentication > AU FrontEnd-Backend interaction.png

Basic hybridRealm authentication. The PASOE validates the provided credentials (username & password) directly, using the ISwatAuthenticationService.

ActiveDirectory

Front-end - Back-end interaction:

Build.One Documentation > Authentication > FrontEnd-Backend interaction.png

Note: node-main is hidden from the client.

In order to use ActiveDirectory authentication, the following configuration settings must be present in pasoe-config.xml / OEPAS_config.xml:

ssoAuthenticationURI - node-main access-point for AD authentication - takes username, password
ssoAuthenticationCheckURI - node-main access-point for checking if a valid SSO session was created, for verifying if the AD authentication was successful.
ssoAuthenticationSecretKey - OPTIONAL - secret key known by PASOE and node-main that is passed in the requests to node-main. Provides additional validation that the requests are done from a trusted source (PASOE).

Example:

	<AllowedAuthentication>ActiveDirectory</AllowedAuthentication>
	<ssoAuthenticationURI>http://localhost:8888/auth/ad/login</ssoAuthenticationURI>
	<ssoAuthenticationCheckURI>http://localhost:8888/auth/ad/sessions</ssoAuthenticationCheckURI>
	<ssoAuthenticationSecretKey>12345678901</ssoAuthenticationSecretKey>

AzureActiveDirectory

TBD by Sergiu Morar / Sebastian Lucaciu

Security settings:

Enable/Disable authentication methods

In order to use the existing AkiomaUser and/or ActiveDirectory authentication/s, the <AllowedAuthentication> property must be present in the pasoe-config.xml / OEPAS_config.xml configuration file.

The AllowedAuthentication property is a comma separated list, containing enabled authentication methods. Default value is "AkiomaUser".

Example:

<AllowedAuthentication>AkiomaUser,ActiveDirectory</AllowedAuthentication>

The property is checked, during the authentication processes, if the current authentication is allowed.

Example for AkiomaUser check:

    METHOD PROTECTED VOID CheckIsAllowedAkiomaUserAuth():
        IF LOOKUP("AkiomaUser", SessionManager:AllowedAuthentication) EQ 0 THEN
            UNDO, THROW NEW Exception("AkiomaUser authentication is disabled!", 1).
    END METHOD.