Skip to main content
Skip table of contents

Setting Up SSO Authentication

Configuring CData Virtuality OAuth 2 Server

To configure the CData Virtuality OAuth 2 server, follow these steps:

1. Set up access settings for your client in the CData Virtuality OAuth 2 server:

  1. Go to your realm → your client → Settings;

  2. Add the following Valid redirect URIs:
    <CData Virtuality server URL e.g. http://localhost:8180 >/*;

  3. Add the following Web origins:
    <CData Virtuality server URL>

2. Set up login settings. Turn off Consent required in the same client settings.

3. Set up service account roles:

  1. Go to your realm → your client → Service account roles

  2. Assign the following roles:

  • realm-management view-users

  • realm-management view-realm

Using SSO for Authentication in CData Virtuality Server

To use SSO for authentication, configure the connection parameters in the CData Virtuality Server and load the SSO users and roles.

Setting the Option Values

You need to set following CData Virtuality OAuth 2 server option values:

CODE 
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_SERVER_URL', "val" => <СData Virtuality OAuth 2 server configuration URL. E.g. http://localhost:8080/realms/<realm name>/.well-known/openid-configuration);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_REALM', "val" => <your realm name taken from СData Virtuality OAuth 2 server>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_CLIENT_ID', "val" => <client ID taken from СData Virtuality OAuth 2 server>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_CLIENT_SECRET', "val" => <client secret taken from СData Virtuality OAuth 2 server>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_LOAD_USERS', "val" => true);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_LOAD_ROLES', "val" => true);;

Loading SSO Roles and Users

Connect to the СData Virtuality Server using the standard СData Virtuality authentication mechanism as admin and follow these steps:

1. Run the SYSADMIN.refreshSSOUserCache procedure:

CODE 
CALL "SYSADMIN.refreshSSOUserCache"();;

SSO roles and users will be loaded.

SSO roles and users have @SSO ending (e.g. admin-role@SSO, user_1@SSO, etc.), and SSO user-role mapping can be seen in SYSADMIN.UserRoles after SSO users and roles are loaded.

2. Set permissions for SSO roles.

Permissions can be set in one of two ways:

  1. By setting permissions for an object to the SSO role:

CODE 
CALL "SYSADMIN.setPermissions"(
    "role_name" => 'admin-role@SSO',
    "resourceName" => '*',
    "permissions" => 'CRUDEAL'
);;

  1. By mapping SSO roles to CData Virtuality roles. In this case, all the permissions from the CData Virtuality role will be granted to the SSO role:

CODE 
CALL "SYSADMIN.setPermissions"(
    "role_name" => 'admin-role@SSO',
    "mapToRole" => 'admin-role'
);;

Connecting to CData Virtuality Server via SSO using Studio

After the DV_AUTH option values are set, roles and users are loaded, and permissions are set, you can connect to the CData Virtuality Server via SSO using the OAuth 2/OpenID authentication.

You can use username/password or access/refresh tokens to connect.

Version 4.10 and older

The URL is the СData Virtuality OAuth 2 Server URL, e.g. http://localhost:8080>/realms/<realm name>/.well-known/openid-configuration.

Client credentials for connection are the same as for the corresponding DV_AUTH option values.

Version 4.11 and above

The configuration URL, client ID, and client secret are no longer set in the CData Virtuality Studio.

Connecting to CData Virtuality Server via SSO using Web UI

After the DV_AUTH option values are set, roles and users are loaded and permissions are set, you can connect to the CData Virtuality Server via SSO using the SSO authentication wizard.

Version 4.10 and older

The default parameters, such as the CData Virtuality OAuth 2 server URL, client ID, and client secret, are set in the dvserver\standalone\deployments\api.war\WEB-INF\classes\service-on-premise.properties file.

To modify these parameters, unzip the api.war file, change the parameters as needed, and then zip it back.

Version 4.11 and above

The configuration URL, client ID, and client secret are automatically retrieved from the server.

Connecting to CData Virtuality Server via SSO using JDBC clients

After the DV_AUTH option values are set, roles and users are loaded and permissions are set, you can connect to the CData Virtuality Server via SSO using the OAuth 2/OpenID authentication.

Set the authType=OAUTH2 parameter to use OAuth 2 authentication.

You can use username/password or access/refresh tokens to connect.

Version 4.10 and older

Client credentials for the connection are the same as the DV_AUTH option values and should be passed in the connection string.

Connection string example:

CODE 
jdbc:datavirtuality:datavirtuality@mm://localhost:31200;SHOWPLAN=ON;configurationUrl=http://localhost:8080/realms/odata-oauth/.well-known/openid-configuration;clientId=<client_Id>;clientSecret=<client_secret>;authType=OAUTH2

Version 4.11 and above

Connection string example:

CODE 
jdbc:datavirtuality:datavirtuality@mm://localhost:31000;authType=OAUTH2

configurationUrl, clientId, and clientSecret JDBC properties are deprecated and will be ignored if included in the connection string.

configurationUrl, clientId, and clientSecret JDBC properties have been deprecated since v4.11

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close