Setting Up SSO Authentication
Configuring CData Virtuality OAuth 2 Server
To configure the CData Virtuality OAuth 2 server, follow these steps:
1. Set up access settings for your client in the CData Virtuality OAuth 2 server:
Go to your realm → your client → Settings;
Add the following Valid redirect URIs:
<CData Virtuality server URL e.g. http://localhost:8180 >/*;Add the following Web origins:
<CData Virtuality server URL>
2. Set up login settings. Turn off Consent required in the same client settings.
3. Set up service account roles:
Go to your realm → your client → Service account roles
Assign the following roles:
realm-management view-users
realm-management view-realm
Using SSO for Authentication in CData Virtuality Server
To use SSO for authentication, configure the connection parameters in the CData Virtuality Server and load the SSO users and roles.
Setting the Option Values
You need to set following CData Virtuality OAuth 2 server option values:
CODE
|
Loading SSO Roles and Users
Connect to the СData Virtuality Server using the standard СData Virtuality authentication mechanism as admin and follow these steps:
1. Run the SYSADMIN.refreshSSOUserCache
procedure:
CODE
|
SSO roles and users will be loaded.
SSO roles and users have @SSO ending (e.g. admin-role@SSO
, user_1@SSO
, etc.), and SSO user-role mapping can be seen in SYSADMIN.UserRoles
after SSO users and roles are loaded.
2. Set permissions for SSO roles.
Permissions can be set in one of two ways:
By setting permissions for an object to the SSO role:
CODE
|
By mapping SSO roles to CData Virtuality roles. In this case, all the permissions from the CData Virtuality role will be granted to the SSO role:
CODE
|
Connecting to CData Virtuality Server via SSO using Studio
After roles and users are loaded and permissions are set, you can connect to the CData Virtuality Server via SSO using the OAuth 2/OpenID authentication.
The URL is the СData Virtuality OAuth 2 Server URL, e.g. http://localhost:8080>/realms/<realm name>/.well-known/openid-configuration
.
Client credentials for connection are the same as for the option values. You can use username/password or access/refresh tokens to connect.
Connecting to CData Virtuality Server via SSO using Web UI
The default parameters, such as the CData Virtuality OAuth 2 server URL, client ID, and client secret, are set in the dvserver\standalone\deployments\api.war\WEB-INF\classes\service-on-premise.properties
file.
To modify these parameters, unzip the api.war
file, change the parameters as needed, and then zip it back.