Using Open ID Authentication - EcoSys - Administration & Configuration - Hexagon

EcoSys System Administration

Product: EcoSys
EcoSys Version: 9.1
Language: English
Category: Administration & Configuration

Apart from native and LDAP authentication, EcoSys now supports Open ID authentication, which allows users to log in using authentication providers that support the Open ID protocol.

To set up Open ID authentication:

  1. Choose the Open ID provider you want to use and configure it. Refer to Configuring an OAuth2 token providers for EcoSys and EcoSys Connect to learn how to configure OAuth2 token providers for EcoSys and EcoSys Connect.

  2. Configure the Open ID server settings in EcoSys and restart.

    1. Set the following properties:

      server.authentication.openId.enabled=true
      server.authentication.openId.baseUrl=<Base URL of the OAuth2 token provider>
      server.authentication.openId.clientId=<Client ID>
      server.authentication.openId.clientSecret=<Client Secret>

    2. Restart EcoSys

  3. Configure the users in the provider and EcoSys.

    1. Any user in the OpenID provider must be created in EcoSys with Authentication Mode set to Custom.

    2. EcoSys takes the login name from the "preferred_username" claim received in the token. If "preferred_username" is not available in the token, it uses the "sub" claim received in the token instead. It then validates that value as a login name in its database (generally it is the UserName/Login ID from the provider). The claims that are sent to EcoSys can be configured in the OpenID provider's authorization server settings.

  • When the EcoSys session times out and SSO is still active, the following warning message appears:

    Once you click REACTIVE SESSION, a new session is opened in a new tab without asking for credentials, and in the default tab the working data will be available to edit/save.

  • When the EcoSys session and SSO have both timed out, a warning message appears, and once you click REACTIVE SESSION, a new login page for SSO opens asking you to log in again. You can sign in with your credentials, and in the default tab, the working data will be available to edit/save.
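
The claim precedence described in step 3 ("preferred_username", then "sub") can be checked against a token issued by your provider to see which value would be looked up as the login name. The Python script below is an added example, not EcoSys code: it only inspects a token and does not verify its signature, and the function names, the constructed sample tokens, the sample login list and the exact-match comparison are assumptions.

```python
import base64
import json

def decode_claims(jwt: str) -> dict:
    """Decode a compact JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def resolve_login_name(claims: dict) -> tuple:
    """Apply the precedence described above: preferred_username, then sub."""
    for name in ("preferred_username", "sub"):
        value = claims.get(name)
        # Assumption: an empty or non-string claim counts as "not available".
        if isinstance(value, str) and value.strip():
            return value, name
    raise ValueError("token carries neither preferred_username nor sub")

def check_user(jwt: str, ecosys_logins: set) -> dict:
    """Report which claim supplies the login name and whether that user exists."""
    login, source = resolve_login_name(decode_claims(jwt))
    # Assumption: exact, case-sensitive comparison against the exported login IDs.
    return {"login": login, "source": source, "known": login in ecosys_logins}

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed sample data: one provider sends preferred_username, one only sub.
SAMPLE_LOGINS = {"jdoe"}
SAMPLE_TOKENS = [
    make_sample_token({"sub": "00u1a2b3", "preferred_username": "jdoe"}),
    make_sample_token({"sub": "00u1a2b3"}),
]

if __name__ == "__main__":
    for token in SAMPLE_TOKENS:
        print(check_user(token, SAMPLE_LOGINS))
```

A result whose source is "sub" and whose known flag is False means the provider is not sending "preferred_username" and the subject identifier does not match any login ID in the list, so the claim mapping in the provider's authorization server settings is the place to look.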