Revision as of 07:09, 21 March 2023
If you put your OnPrem Turnkey installation under a generic catch-all authentication umbrella (like Shibboleth), you may want to make use of that externally provided identity in your Turnkey application.
Normally, the authentication umbrella makes sure your user is identified before the request ever reaches your application, and it adds a header to each call you get.
To make use of such a header, you can now configure your installation like this:
In TurnkeySettings.xml add this:
<HeaderBasedAuthenticationTag>The Header you want to catch</HeaderBasedAuthenticationTag>
The value of that header will then be used as the User-identity (email) for SysUser in your model.
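Because the header value becomes the SysUser identity, the front end has to discard any copy of that header sent by the client and set the value itself. The following Python model of that rule is an added example, not part of Turnkey or of this page's original text; the header name `X-Authenticated-User`, the function names, the email-shaped value check and the sample request are assumptions made for illustration.

```python
import re

# Assumption: the header name configured in <HeaderBasedAuthenticationTag>.
AUTH_HEADER = "X-Authenticated-User"

# Assumption: the value is an email address; relax this if it is a reference.
_EMAIL = re.compile(r"^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$")


def _canon(name):
    """Fold case and treat '-' and '_' alike, as CGI-style servers do."""
    return name.lower().replace("_", "-")


def sanitize_at_proxy(client_headers, authenticated_email):
    """Return the (name, value) pairs the front end forwards to the app.

    authenticated_email is the identity the umbrella established, or None.
    """
    # 1. Drop every client-supplied variant of the identity header.
    forwarded = [(n, v) for n, v in client_headers
                 if _canon(n) != _canon(AUTH_HEADER)]
    # 2. Add exactly one copy, set only by the front end after authentication.
    if authenticated_email is not None:
        forwarded.append((AUTH_HEADER, authenticated_email))
    return forwarded


def identity_at_app(headers):
    """Identity the application should accept, or None to reject."""
    values = [v for n, v in headers if _canon(n) == _canon(AUTH_HEADER)]
    # Reject missing, duplicated or malformed values instead of guessing.
    if len(values) != 1 or not _EMAIL.match(values[0]):
        return None
    return values[0]


# Constructed sample: a request that already carries copies of the header.
SAMPLE_REQUEST = [
    ("Host", "turnkey.example.org"),
    ("x-authenticated-user", "admin@example.org"),
    ("X_Authenticated_User", "admin@example.org"),
]
```

The sanitising step only covers requests that pass through the front end, so the Turnkey site itself should accept connections from that front end alone.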
If the value is only a reference and the user info must be looked up elsewhere, you can do so by creating a server-side job that does something like this:
Act on all: SysUser.allinstances->select(not ReferenceIsResolved)
For each: Resolve the reference (maybe by calling an external web service with RESTGet) and set ReferenceIsResolved:=true
(ReferenceIsResolved is a new property you must add to SysUser in your model)
After Log out / Log off
You can add this tag to the TurnkeySettings.xml file to influence what URL to go to after logging out:
<AfterLogOutUrl>https://www.google.se/</AfterLogOutUrl>
If this setting is found, it should show up in the log file shortly after the application starts, like this:
2018-10-18 22:58:24,045 [8] INFO StreamingAppGenericAPIAndControllers.LogUsageTurnkey - OptionalAfterLogOutUrl set to https://www.google.se/
(This scenario is used by Finansinspektionen - BankId - Shibboleth)
Special handling of Clicking on the Logged-in User in the Header
When you need a click on the user name shown in the header to take you somewhere other than Account/Manage, make it go to a named ViewModel instead:
<CurrentUserViewModel>CurrentUserInfo</CurrentUserViewModel>
If this setting is found, it should show up in the log file shortly after the app starts, like this:
2018-10-18 23:02:20,551 [6] INFO StreamingAppGenericAPIAndControllers.LogUsageTurnkey - ManageUserUrl set to https://localhost:44300/Turnkey/AngularApp#/CurrentUserInfo/$null$