
Authentication

Kalyan Venkat Varanasi edited this page Jan 7, 2020 · 6 revisions

Introduction

This page describes the authentication and authorization functionality of the Flair BI application.

The Flair BI application uses Spring Security to manage authentication and authorization. Authentication is session-based. Currently, three authentication mechanisms are supported:

  1. Application
  2. LDAP
  3. OAuth (Okta)

Authorization is always handled by the application layer. Flair BI is a single-page application, and the whole application is built on REST principles. Every request to the application is secured, except for the few endpoints that require anonymous access, such as the login page and password reset.

How it works

Application

When a user submits credentials, they are validated by the authentication filter chain. Application authentication is the first filter in the chain that tries to validate the user credentials. If the credentials are valid against the application database, the user is authenticated and redirected to the home page. If they are not valid, Spring Security tries to validate the user with the next authentication mechanism in the filter chain.

Configuration

This works with the default installation.

LDAP

If application-layer authentication fails, the user credentials are validated against the configured LDAP server. If the credentials are valid, the user is replicated to the application database with a random hashed password.

The user is replicated to the application database so that authorization for dashboards and views can be managed there.
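A runnable model of the Application-then-LDAP fallback described in the two sections above, written as an added example and not Flair BI's own code (which uses Spring Security): each provider is a plain function, the LDAP bind is a constructed dictionary, and replication stores a random password so the application provider can never accept an LDAP user on its own.

```python
import hashlib
import hmac
import os
import secrets

def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:  # constructed stand-in for the application user table
    def __init__(self):
        self.users = {}  # username -> {"salt", "hash", "source"}

    def create(self, username, password, source):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": _pbkdf2(password, salt), "source": source}

    def check(self, username, password):
        u = self.users.get(username)
        return u is not None and hmac.compare_digest(_pbkdf2(password, u["salt"]), u["hash"])

def application_provider(store):
    # First provider in the chain: validate against the local database only.
    return lambda username, password: store.check(username, password)

def ldap_provider(directory, store):
    # Second provider; 'directory' is a constructed dict standing in for an LDAP bind.
    def auth(username, password):
        if directory.get(username) != password:
            return False
        if username not in store.users:
            # Replicate with a random password nobody knows, so the application
            # provider can never accept this account; the local row exists only so
            # dashboard/view authorization can be attached to it.
            store.create(username, secrets.token_urlsafe(32), "ldap")
        return True
    return auth

def authenticate(providers, username, password):
    # Walk the chain in order: the first provider that accepts wins, otherwise None.
    for name, auth in providers:
        if auth(username, password):
            return name
    return None

def build_demo():
    store = UserStore()
    store.create("alice", "alice-pw", "application")  # local-only account (constructed)
    directory = {"bob": "bob-pw"}  # LDAP-only account (constructed)
    providers = [("application", application_provider(store)), ("ldap", ldap_provider(directory, store))]
    return store, providers
```

After bob's first LDAP login a local row exists, but `store.check("bob", "bob-pw")` stays false, so every later login for bob still has to pass through the LDAP provider.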

Configuration

This can be configured in the application-<profile>.yml file under the jhipster and ldapsettings keys:

    ldapsettings:
        url:
        base:
        userDn:
        password:

The values for the settings above come from your LDAP server.

OAuth (Okta)

Users can authenticate using Okta, which acts as the identity provider. Once a user is authenticated by Okta, the user information is replicated to the application database to handle authorization.

Configuration

This can be configured in the application-<profile>.yml file under the security and oauth2 keys:

security:
    oauth2:
        client:
            # From OIDC app
            clientId:
            clientSecret:
            # From Authorization Server's metadata
            accessTokenUri:
            userAuthorizationUri:
            clientAuthenticationScheme: form
            scope: openid profile email
        resource:
            # from your Auth Server's metadata, check .well-known/openid-configuration
            # if not in .well-known/oauth-authorization-server
            userInfoUri:
            preferTokenInfo:

The values for the settings above come from the Okta identity provider.

Tip: If you are using Docker, pass these settings as environment variables from your docker-compose file.