
Setting Up SSO Authentication

Configuring CData Virtuality OAuth 2 Server

To configure the CData Virtuality OAuth 2 server, follow these steps:

1. Set up access settings for your client in the CData Virtuality OAuth 2 server:

  1. Go to your realm → your client → Settings;

  2. Add the following Valid redirect URIs:
    <CData Virtuality server URL, e.g. http://localhost:8180>/*;

  3. Add the following Web origins:
    <CData Virtuality server URL>

2. Set up login settings. Turn off Consent required in the same client settings.

3. Set up service account roles:

  1. Go to your realm → your client → Service account roles

  2. Assign the following roles:

  • realm-management view-users

  • realm-management view-realm

Using SSO for Authentication in CData Virtuality Server

To use SSO for authentication, configure the connection parameters in the CData Virtuality Server and load the SSO users and roles.

Setting the Option Values

You need to set the following CData Virtuality OAuth 2 server option values:

CODE
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_SERVER_URL', "val" => <CData Virtuality OAuth 2 server URL. E.g. http://localhost:8080>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_REALM', "val" => <your realm name taken from CData Virtuality OAuth 2 server>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_CLIENT_ID', "val" => <client ID taken from CData Virtuality OAuth 2 server>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_CLIENT_SECRET', "val" => <client secret taken from CData Virtuality OAuth 2 server>);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_LOAD_USERS', "val" => true);;
CALL "SYSADMIN.setDefaultOptionValue"("opt" => 'DV_AUTH_LOAD_ROLES', "val" => true);;

Loading SSO Roles and Users

Connect to the CData Virtuality Server using the standard CData Virtuality authentication mechanism as admin and follow these steps:

1. Run the SYSADMIN.refreshSSOUserCache procedure:

CODE
CALL "SYSADMIN.refreshSSOUserCache"();;

SSO roles and users will be loaded.

SSO role and user names end with the @SSO suffix (e.g. admin-role@SSO, user_1@SSO, etc.). Once SSO users and roles are loaded, the SSO user-role mapping can be seen in SYSADMIN.UserRoles.

2. Set permissions for SSO roles.

Permissions can be set in one of two ways:

  1. By setting permissions for an object to the SSO role:

CODE
CALL "SYSADMIN.setPermissions"(
    "role_name" => 'admin-role@SSO',
    "resourceName" => '*',
    "permissions" => 'CRUDEAL'
);;

  2. By mapping SSO roles to CData Virtuality roles. In this case, all the permissions from the CData Virtuality role will be granted to the SSO role:

CODE
CALL "SYSADMIN.setPermissions"(
    "role_name" => 'admin-role@SSO',
    "mapToRole" => 'admin-role'
);;

Connecting to CData Virtuality Server via SSO using Studio

After roles and users are loaded and permissions are set, you can connect to the CData Virtuality Server via SSO using the OAuth 2/OpenID authentication.

The URL is <CData Virtuality OAuth 2 server URL, e.g. http://localhost:8080>/realms/<realm name>/.well-known/openid-configuration.

Client credentials for connection are the same as for the option values. You can use username/password or access/refresh tokens to connect.
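
Before entering the URL in Studio, it helps to confirm that the discovery document it returns matches the DV_AUTH_SERVER_URL and DV_AUTH_REALM values set earlier. The following is an added example, not part of the CData Virtuality documentation: the function names are hypothetical, and the sample document (including its endpoint paths) is constructed so the check runs offline.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def discovery_url(server_url, realm):
    """Compose the discovery URL from DV_AUTH_SERVER_URL and DV_AUTH_REALM."""
    return f"{server_url.rstrip('/')}/realms/{realm}/.well-known/openid-configuration"

def check_discovery(server_url, realm, doc):
    """Return a list of findings; an empty list means the document is consistent."""
    findings = [f"missing field: {key}" for key in REQUIRED if key not in doc]
    expected_issuer = f"{server_url.rstrip('/')}/realms/{realm}"
    # OpenID Connect Discovery requires the issuer to equal the URL the
    # document was fetched from, minus the .well-known suffix.
    if doc.get("issuer") != expected_issuer:
        findings.append(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    base = urlsplit(expected_issuer)
    for key in REQUIRED[1:]:
        url = urlsplit(doc.get(key, ""))
        if key in doc and (url.scheme, url.netloc) != (base.scheme, base.netloc):
            findings.append(f"{key} points to a different origin: {url.netloc}")
    # The client secret and tokens cross this link, so plain HTTP is only
    # tolerated here for a loopback test setup.
    if base.scheme != "https" and base.hostname not in LOOPBACK:
        findings.append("server URL is not HTTPS")
    return findings

# Constructed sample document (not captured from a real server).
SAMPLE = json.loads("""{
  "issuer": "http://localhost:8080/realms/demo",
  "authorization_endpoint": "http://localhost:8080/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:8080/realms/demo/protocol/openid-connect/token",
  "jwks_uri": "http://localhost:8080/realms/demo/protocol/openid-connect/certs"
}""")

if __name__ == "__main__":
    print(discovery_url("http://localhost:8080", "demo"))
    print(check_discovery("http://localhost:8080", "demo", SAMPLE) or "OK")
```

To check a live server, load the JSON returned by the discovery URL into `doc` instead of `SAMPLE`.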

Connecting to CData Virtuality Server via SSO using Web UI

The default parameters, such as the CData Virtuality OAuth 2 server URL, client ID, and client secret, are set in the dvserver\standalone\deployments\api.war\WEB-INF\classes\service-on-premise.properties file.

To modify these parameters, unzip the api.war file, change the parameters as needed, and then zip it back.
