OAuth Authentication - EcoSys - Customization & Programming - Hexagon

EcoSys Web Service API Usage Documentation

Language
English
Product
EcoSys
Search by Category
Customization & Programming
EcoSys Version
9.3

EcoSys supports using either Basic or OAuth Authentication for REST. The default authentication for REST is Basic. To configure EcoSys to use OAuth Authentication for REST:

  1. Configure an OAuth2 Token Provider for EcoSys REST OAuth. Refer to Configuring an OAuth2 token providers for EcoSys and EcoSys Connect

    EcoSys REST OAuth supports two token providers.

    • Keycloak

    • Okta

  2. Configure the EcoSys server settings:

    1. Login to the EcoSys application.

    2. Go to Admin -> System Utilities -> Edit Server Settings.

    3. Set the following server settings:

      server.api.rest.authentication.oauth2.enabled=true

      This enables OAuth authentication and disables REST Authentication except for the user with login name admin accessing APIs with the name DeactivateUserandResource, ReactivateUserandResource, UpdateUserandCreateResource, Users, UsersAudit

      To close this exemption, disable the API on the user with login name admin or use a different login name for the administrator user or ensure there are no APIs with the above names.

      Additional exemptions can be made by setting the following server settings:

      • server.api.rest.authentication.oauth2.basicAuthUsernamesAllowed - a comma-separated list of additional user names that can use basic authentication even when OAuth2 is enabled (default is not set)

      • server.api.rest.authentication.oauth2.basicAuthApisAllowed- a comma-separated list of additional APIs that can be accessed using basic authentication even when OAuth2 is enabled (default is not set)

        This setting has no effect on SOAP API calls.

    4. oauth.token.baseUrl - Set to the Base URL for the token provider.

  3. Restart the application server.

Configure the EcoSys server settings to enable oAuth2 authentication for SOAP APIs

  1. Go to Admin > System Utilities > Edit Server Settings.

  2. Enable the following server

    server.api.soap.authentication.oauth2.enabled

  3. Set to the Base URL for new customers using OAuth as follows:

    oauth.token.baseurl=<link>/realms/master

  4. Restart the application server.