Web Authentication

TimeBase Web Administrator supports two types of authentication: built-in OAuth2 and SSO. One of them must be enabled to run the application.

Built-In Authentication Configuration

In this case, the Web Application itself acts as the authentication service provider.

Built-In Authentication is enabled by default in the standard configuration of the application.

Refer to Configuration to learn how to configure the application.

SSO Configuration

  1. The authentication service provider identification check runs on each application start.
  2. Browser local storage is checked for a Refresh Token for the current user.
  3. If a Refresh Token exists, a Silent Token Update is performed to obtain a new Access Token.
  4. If the Silent Token Update fails for any reason, the user is logged out and redirected to a Login page.
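
The start-up sequence in steps 1-4, sketched as an added example (not code from TimeBase Web Administrator). It assumes the Silent Token Update is a standard OAuth2 `refresh_token` grant; the storage key, `startSession`, `logout` and the injected `getProvider`, `storage` and `post` helpers are hypothetical names.

```javascript
// Added example: start-up flow from steps 1-4. All names are hypothetical.
const REFRESH_KEY = "refresh_token"; // assumed local-storage key

// deps.getProvider(): resolves to { tokenEndpoint, clientId } (step 1)
// deps.storage: getItem/setItem/removeItem (localStorage in a browser)
// deps.post(url, formFields): resolves to { status, body } (wraps fetch)
async function startSession(deps) {
  const { getProvider, storage, post } = deps;

  // Step 1: identify the authentication service provider on every start.
  const provider = await getProvider();

  // Step 2: look for a Refresh Token stored for the current user.
  const refreshToken = storage.getItem(REFRESH_KEY);
  if (!refreshToken) return logout(storage, "no refresh token");

  // Step 3: Silent Token Update, modelled as the OAuth2 refresh_token grant.
  try {
    const res = await post(provider.tokenEndpoint, {
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: provider.clientId,
    });
    if (res.status !== 200 || !res.body || !res.body.access_token) {
      return logout(storage, "token endpoint rejected refresh");
    }
    // Providers that rotate refresh tokens return a new one; keep it.
    if (res.body.refresh_token) {
      storage.setItem(REFRESH_KEY, res.body.refresh_token);
    }
    // Choice made in this example: the access token is kept in memory only.
    return { state: "authenticated", accessToken: res.body.access_token };
  } catch (err) {
    // Step 4: any failure (network, timeout, bad response) ends in logout.
    return logout(storage, "silent update failed: " + err.message);
  }
}

// Step 4: drop the stale token; the caller redirects to the Login page.
function logout(storage, reason) {
  storage.removeItem(REFRESH_KEY);
  return { state: "login", reason };
}
```

Because the Refresh Token sits in browser local storage, any script running in the application's origin can read it, so removing it on every failed update limits how long a stale token stays exposed.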

ORY Hydra

To enable SSO with ORY Hydra, add the following configuration.

Refer to Configuration to learn how to configure the application.

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: <service provider uri>

security:
  oauth2:
    provider:
      providerType: SSO
      name: hydra
      clientId: <client_id>
      validateIssuer: false
      userInfo:
        enable: true

Amazon Cognito

To enable SSO with Amazon Cognito, add the following configuration.

Refer to Configuration to learn how to configure the application.

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: <service provider uri>

security:
  oauth2:
    provider:
      providerType: SSO
      name: cognito
      clientId: <client_id>
      audience: <audience>
      configUrl: <service provider config url>
      logoutUrl: <service provider logout url>
      usernameClaim: username
      validateIssuer: true

Keycloak

To enable SSO with Keycloak, add the following configuration.

Refer to Configuration to learn how to configure the application.

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: <service provider uri>

security:
  oauth2:
    provider:
      provider-type: SSO
      name: keycloak
      clientId: <client_id>
      usernameClaim: preferred_username
      validateIssuer: false
      validateClientId: true

Auth0

To enable SSO with Auth0, add the following configuration.

Refer to Configuration to learn how to configure the application.

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: <service provider uri>

security:
  oauth2:
    provider:
      providerType: SSO
      name: auth0
      clientId: <client_id>
      audience: <audience url>
      configUrl: <configuration url>
      logoutUrl: <logout url>

Refer to Auth0 Configuration to learn how to configure Auth0.

Samples