
OAuth 2.0/OpenID 1.0

Description

LogicNets integrates the OAuth 2.0/OpenID Connect authentication framework, which is widely adopted and supported by many identity providers. LogicNets supports all OAuth 2.0/OpenID identity providers (IdPs) that support the Authorization Code flow and sign their tokens with the RS256 or ES256 algorithm.

You can integrate OAuth 2.0/OpenID Connect in your application by enabling Authentication in your application project and configuring your identity provider in our standard Logon module. In the attached example of a company's configuration file, both Google and a company-specific IdP are configured.

Interaction

The following sequence diagram illustrates the interaction between the browser, LogicNets, and the identity provider.

Configure the Logon Package

Users can configure the LogicNets Logon package to authenticate users with external identity providers, including Google, Live, Office365, and others. To configure the Logon package, follow the steps detailed below.


1. Register your application with the identity provider. LogicNets has a generic registration for Office365, Google, and Windows Live, which you can use if your LogicNets installation is hosted on a LogicNets server. If you want to use the generic registration, continue with Step 4. Otherwise, register your application using the following links:

2. The identity provider will ask for details such as the application name, logos, and a redirect URL. Use your own installation's redirect proxy (https://<your-host>/authentication.lns).

3. The identity provider will generate a client ID and client secret. Store this data in a secure location, as some providers do not allow you to review this information at a later point in time.

4. Open the LogicNets configuration of your installation at /system/lib/sys/settings.cfg.

  • A quick note about settings:
    • If you add the IdP config to dat/settings.cfg, it will apply to all companies in the installation.
    • If you add the IdP config to dat/<company>/settings.cfg, that IdP configuration will only apply to that one company.

      In general, company-level settings override system-level settings, but when a setting is not specified it defaults to the system-level setting or, failing that, to the software default.

5. Fill in the client_id, client_secret, and redirect_uri; e.g. for Windows Live, adapt _session.AUTH.MODES.windows_live. You can also use another identity provider in addition to Windows Live, SMART Health IT, Office 365, and Google.

6. To enable one or more identity providers, adapt OAUTH_MODES in _context.

7. Add users to the company’s admin database or through the portal. Since users log in externally, you do not need to save passwords.
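The two security checks the flow above relies on, the state-bound redirect back to authentication.lns and the RS256/ES256-only ID token, as an added example (not LogicNets' own Logon code; the host, endpoints, client ID and token contents are constructed placeholders, and full signature verification against the IdP's published key is left to a JWT library):

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values, assumed for this example (not LogicNets' or any IdP's real ones).
REDIRECT_URI = "https://your-host.example/authentication.lns"
ALLOWED_ALGS = {"RS256", "ES256"}  # the signing algorithms the page requires of an IdP

def build_authorization_request(authorize_endpoint, client_id, state, nonce):
    """First leg of the Authorization Code flow: the URL the browser is sent to. state ties the
    callback to this browser session; nonce must come back inside the ID token (both random)."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": REDIRECT_URI,
              "scope": "openid email profile", "state": state, "nonce": nonce}
    return f"{authorize_endpoint}?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Second leg: the IdP redirects to authentication.lns; check state before using the code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"IdP returned error: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not bound to this session")
    return query["code"][0]

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_demo_token(header, claims):
    """Constructed sample ID token with an empty signature, only for exercising check_id_token."""
    segs = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode() for p in (header, claims)]
    return ".".join(segs + [""])

def check_id_token(id_token, issuer, client_id, nonce, now=None):
    """Header/claim checks; these complement, never replace, signature verification by a JWT library."""
    header_b64, payload_b64, _signature = id_token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:  # rejects "none", HS256 and other downgrades
        raise ValueError(f"unsupported alg {header.get('alg')!r}")
    claims = json.loads(_b64url_decode(payload_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client_id")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: token not bound to this login request")
    return claims
```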

  • In step 4, should the settings.cfg file that is edited be the one located at /dat/settings.cfg or /dat/bnt/<company>/settings.cfg?

    • Katie Sieg - Thank you for your question. 

      If the IDP config is added to dat/settings.cfg then it will apply to all companies in the installation.

      If the IDP config is added to dat/<company>/settings.cfg then that IDP configuration will only apply to that one company.


      This is a general mechanism that applies to all settings. Company level settings override System level settings, but when a setting is not specified it will default the system level settings or even the software default settings. 

      We will update the document with this additional information.

