Using Open ID Authentication - EcoSys - Administration & Configuration - Hexagon

EcoSys System Administration

EcoSys Version: 9.0

Apart from native and LDAP authentication, EcoSys now supports Open ID authentication, which allows users to log in using authentication providers that support the Open ID protocol.

To set up Open ID authentication:

  1. Choose the Open ID provider you want to use and configure it. For details on configuring OAuth2 token providers for EcoSys and EcoSys Connect, refer to Configuring an OAuth2 token providers for EcoSys and EcoSys Connect.

  2. Configure the Open ID server settings in EcoSys and restart.

    1. Set the following properties:

      server.authentication.openId.enabled=true
      server.authentication.openId.baseUrl=<Base URL of the OAuth2 token provider>
      server.authentication.openId.clientId=<Client ID>
      server.authentication.openId.clientSecret=<Client Secret>

    2. Restart EcoSys

  3. Configure the users in the provider and EcoSys.

    1. Any user in the OpenID provider must be created in EcoSys with Authentication Mode set to Custom.

    2. EcoSys takes the login name from the "preferred_username" claim in the token. If "preferred_username" is not available in the token, it uses the "sub" claim instead. It then validates that value as a login name in its database (generally this is the UserName/Login ID from the provider). The claims that are sent to EcoSys can be configured in the OpenID provider's authorization server settings.
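The login-name resolution described in step 3 can be checked before rollout with a short script. This is an added example, not EcoSys code: the user table, the treatment of an empty claim as missing, and exact-match comparison of login names are assumptions, and the token is decoded for inspection only.

```python
import base64
import json

def decode_claims(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve_login(claims):
    """Return (login_name, source_claim): preferred_username first, then sub."""
    for name in ("preferred_username", "sub"):
        value = claims.get(name)
        # Assumption: an empty or non-string claim counts as "not available".
        if isinstance(value, str) and value.strip():
            return value, name
    return None, None

def check_mapping(claims, users):
    """users maps login ID -> Authentication Mode (constructed stand-in for an
    EcoSys user list). Assumption: login names are compared exactly."""
    login, source = resolve_login(claims)
    if login is None:
        return "FAIL: token carries neither preferred_username nor sub"
    mode = users.get(login)
    if mode is None:
        return f"FAIL: {login!r} (from {source}) has no EcoSys user"
    if mode != "Custom":
        return f"FAIL: {login!r} has Authentication Mode {mode!r}, expected 'Custom'"
    return f"OK: {login!r} (from {source}) maps to an EcoSys user"

def sample_token(claims):
    """Build an unsigned, constructed token so the demo runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    users = {"jdoe": "Custom", "asmith": "LDAP"}  # constructed sample users
    for claims in (
        {"sub": "00u1abc", "preferred_username": "jdoe"},
        {"sub": "00u2def", "preferred_username": "asmith"},
        {"sub": "00u3ghi"},  # no preferred_username: falls back to sub
    ):
        print(check_mapping(decode_claims(sample_token(claims)), users))
```

OpenID Connect Core only guarantees that "sub" (together with the issuer) is stable and unique; "preferred_username" can be changed or reassigned at the provider, so the claim mapping configured in the provider's authorization server decides which EcoSys account a token resolves to.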

Configure the EcoSys server settings for Open ID with Okta

  1. Set the following properties:

    server.authentication.openId.enabled=true
    server.authentication.openId.baseUrl=<Okta OAuth URL, for example https://dev.okta.com/oauth2/default/>
    server.authentication.openId.clientId=<Client ID>
    server.authentication.openId.clientSecret=<Client Secret>

  2. Restart EcoSys