Versions Compared

Old Version 14

changes.mady.by.user Sami Lindgren

Saved on

compared with

New Version 15

changes.mady.by.user Sami Lindgren

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This Steplist document describes how you can add your web applications to the Ubisecure IDaaS Trial environment with SSO Management Console tool using OIDC (OpenID Connect) protocol. You can assign a different type of authentication methods, username/password or Google, to your applications and assign an authorization policy . You can sign in to your applications using these authentication methods and additionally you can sign in to Ubisecure’s test application(to limit the attributes sent to the application during sign-in).

NOTE!!

IDaaS Trial contains two different access management tools to do the application integrations: Trial Console (designed for IDaaS Trial) and SSO Console. The preferred way is to use the Trial Console. SSO Console is a modified and restricted version of the access management tool used in the production deployments. You need to apply separate access rights for the SSO Console via the identity management self-service view.

NOTE!!

You need to have your own test application that supports OIDC protocol for this procedure. 

Procedure

The procedure includes the following steps:

  1. Add the web application to the SSO Management
  2. Define the redirect URI
  3. Configure web application
  4. Activate the application and creating the new metadata file
  5. Add user group to the web application
  6. Add the authentication methods for the web Application
  7. Add the authorisation policy for the application
  8. Sign in to the web application


Step 1. Add the web application to the SSO Management

Sign in to the SSO Management tool with your Identity Management credentials. You have received the credentials during the IDaaS Trial registration process. 

...

Tick the Enabled box

Click the OK Button


Step 2. Define the redirect URI

Write the return URI value of the Web Application to the SSO Management. 

Home – <Your Site Name> (Note, the site is called “908bbe84-6f46-4766-b4d1-03527f42b434” in this example) – Applications – Test Application – Click the Upload Button.

...

"redirect_uris" : [ "https://client1.ubidemo.com/" ]

}

Image Modified


Step 3. Configure web application

Configure your web Application according to IdP configuration: https://trial.idaas.ubisecure.com/uas/.well-known/openid-configuration


Step 4. Activate the application and create the metadata file

Create the web Application metadata file (containing the client id and client secret).

Home - <Your site name> (Note, the site is called “908bbe84-6f46-4766-b4d1-03527f42b434” in this example) - Applications - <your web application name> (Note, the application name is "Test Application" in this example) - Click the Activate button

...

Paste the values to your own web application!


Click the Update button.

Step 5. Add user Group to the web application

Define that your users (Note, in this exmaple "IDaaS 0079" users) are allowed to access the web application.

...

Choose the groups and Click the OK Button.

Step 6. Add the authentication methods for the web application

Choose the allowed authentication methods for your Web Application. 

Allowed Methods – <choose the methods from the list> – Click the Update Button

Step 7. Add the authorisation policy for the web application

Authorization policy is used to define what attributes the Identity Server sends to the Web Application (in this environment we use a predefined authorization policy called “Policy”).

Home – <Your site name>  (Note, the site is called “908bbe84-6f46-4766-b4d1-03527f42b434” in this example)  – Authorization Policies –  Click the policy name “Policy”

...