Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Navigate to /RoleManager URL then click the Authentication Providers menu.

RoleManager can integration to any external provider that supports:

  • OpenID Connect (oidc), or
  • ADFS

Prerequisites

  • Complete application registration in the respective authentication provider, e.g. configure redirect_URL, rely_party;
  • Request credentials for connecting to the authentication provider, e.g. client_id, client_secret;
  • Setup claims mapping at the authentication provider if required.

...

ProviderApplication RegistrationInformation Required for RoleManager ConfigurationRoleManager Configuration JSON
Azure AD

Registration steps: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Register for single tenant is recommended.

Redirect URI: https://<OneList hostname>/rolemananger/signin-azure

  • Azure tenant id
  • Application id
  • Client secret
{
"clientid": "<Application id>",
"clientsecret": "<Client secret>",
"Authority": "https://login.microsoftonline.com/<Azure tenant id>/v2.0",
"CallbackPath": "/signin-azure",
"SaveTokens": false
}
ADFS

Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2

Rely Party: https://<OneList hostname>/ 

Map the SAMAccount-Name to the Name ID claim. 

Hint: use the Windows event log on the ADFS server to investigate errors, and the rely party above must end with '/'.

  • Meta data address, e.g. 
https://adfs.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml
{
"MetadataAddress": "<the meta data address>",
"Wtrealm": "https://<OneList host>/"
}
Google

Registration steps: https://developers.google.com/identity/sign-in/web/devconsole-project

Redirect URL: https://<OneList hostname>/rolemanager/signin-google

  • client id
  • client secret

{

"Authority" = "https://accounts.google.com"
"clientid":"<client id>",
"clientsecret":"client secret",

"CallbackPath":"/signin-google",

"Scope": ["email"]
}

Salesforce

Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm

Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce

  • consumer key
  • consumer secret
{
"Authority": "https://login.salesforce.com",
"ClientId": "<consumer key>",
"ClientSecret": "<consumer secret>",
"CallbackPath": "/signin-salesforce",
"Scope": ["offline_access","api"]
}
SAP

OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html

Callback URL: https://<onelist hostname>/rolemanager/signin-sap

  • Client ID
  • Secret
{
"Authority": "<environment/sucscription based URL>",
"ClientId": "<Client ID>",
"ClientSecret": "<Secret>",
"CallbackPath": "/signin-sap"
}