This Steplist document describes how you can add your web applications to the Ubisecure IDaaS Trial environment with the SSO Management Console tool using the OIDC (OpenID Connect) protocol. You can assign different types of authentication methods (username/password or Google) to your applications and assign an authorization policy (to limit the attributes sent to the application during sign-in). You can sign in to your applications using these authentication methods, and additionally you can sign in to Ubisecure’s test application.

NOTE!!

IDaaS Trial contains two different access management tools to do the application integrations: Trial Console (designed for IDaaS Trial) and SSO Console. The preferred way is to use the Trial Console. SSO Console is a modified and restricted version of the access management tool used in the production deployments. You need to apply separate access rights for the SSO Console via the identity management self-service view.

NOTE!!

You need to have your own test application that supports OIDC protocol for this procedure. 

You can access the SSO Management Console here: https://trial.idaas.ubisecure.com/ubilogin

Procedure

The procedure includes the following steps:

  1. Add the web application to the SSO Management
  2. Define the redirect URI
  3. Configure web application
  4. Activate the application and create the new metadata file
  5. Add user group to the web application
  6. Add the authentication methods for the web Application
  7. Add the authorisation policy for the application
  8. Sign in to the web application


Step 1. Add the web application to the SSO Management

Sign in to the SSO Management tool with your Identity Management credentials. You have received the credentials during the IDaaS Trial registration process. 

Home – <Your site name> (Note, the site is called “idaas0078” “IDaaS 0079” in this example) – Applications – Click the New Application Button.

Application Type: Oauth2 (In practice this means OIDC)

...

Tick the Enabled box

Click the OK Button


Step 2. Define the redirect URI

Write the return URI value of the Web Application to the SSO Management. 

Home – <Your Site Name> (Note, the site is called “idaas0078” 908bbe84-6f46-4766-b4d1-03527f42b434 in this example) – Applications – Test Application – Click the Upload Button.



Write the redirect URI of your web application to the “Copy and Paste” field – Click the OK Button.

In the example below the redirect URI is “https://client1.ubidemo.com” (Note, this is used here as an example. You need to use the URL of your own test application.)

{
  "redirect_uris" : [ "https://client1.ubidemo.com/" ]
}

...



Step 3. Configure web application

Configure your web application according to the IdP configuration: https://trial.idaas.ubisecure.com/uas/.well-known/openid-configuration


Step 4. Activate the application and create the metadata file

Create the web application metadata file (containing the client id and client secret).

Home - <Your site name> (Note, the site is called “idaas0078” 908bbe84-6f46-4766-b4d1-03527f42b434 in this example) - Applications - <your web application name> (Note, the application name is "Test Application" in this example) - Click the Activate button

...

When you click the Activate button, the SSO Management tool creates a metadata file for the web application and saves it under the Downloads folder.


Click the OK Button


Save the file and click the "Open folder" button. Note, the view might be different depending on the browser you use.


Open the file in Notepad – Copy the client_secret and client_id values

Paste the values to your own web application!


Click the Update button.
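
The client-side checks behind Steps 2 to 4, as an added example that is not Ubisecure's code: it verifies the discovery document against the URL it came from, refuses a redirect URI that is not registered (OIDC requires an exact string match, so the missing trailing slash matters), and builds the authorization request. The endpoint paths in the sample discovery document, the client_id and client_secret values, the authorization code flow and all function names are assumptions constructed for illustration.

```python
import json
import secrets
from urllib.parse import urlencode, urlsplit

DISCOVERY_URL = "https://trial.idaas.ubisecure.com/uas/.well-known/openid-configuration"
# Constructed sample; fetch the real document from DISCOVERY_URL (Step 3).
# The endpoint paths below are assumptions, not taken from the page.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://trial.idaas.ubisecure.com/uas",
  "authorization_endpoint": "https://trial.idaas.ubisecure.com/uas/oauth2/authorization",
  "token_endpoint": "https://trial.idaas.ubisecure.com/uas/oauth2/token",
  "jwks_uri": "https://trial.idaas.ubisecure.com/uas/oauth2/metadata.jwks"
}""")

# Constructed stand-in for the metadata file downloaded in Step 4.
SAMPLE_CLIENT = {
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "redirect_uris": ["https://client1.ubidemo.com/"],
}

def check_discovery(doc, discovery_url):
    """Reject a document whose issuer differs from where it was fetched."""
    suffix = "/.well-known/openid-configuration"
    expected_issuer = discovery_url[: -len(suffix)]
    if not discovery_url.endswith(suffix) or doc.get("issuer") != expected_issuer:
        raise ValueError("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            raise ValueError(f"{key} missing or not https")
    return doc

def build_auth_request(doc, client, redirect_uri, scope="openid"):
    """Return (url, state, nonce) for an authorization code request."""
    # Exact comparison against the value registered in Step 2.
    if redirect_uri not in client["redirect_uris"]:
        raise ValueError("redirect_uri is not registered for this client")
    state = secrets.token_urlsafe(32)   # compare with the callback's state
    nonce = secrets.token_urlsafe(32)   # compare with the ID token's nonce
    query = urlencode({
        "response_type": "code",
        "client_id": client["client_id"],
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
    })
    # client_secret is only sent to the token endpoint, never in this URL.
    return f"{doc['authorization_endpoint']}?{query}", state, nonce
```

Keep the returned state and nonce in the user's session so the callback handler can compare them with the values that come back.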


Step 5. Add user Group to the web application

Define that your users (Note, in this example "IDaaS 00780079" users) are allowed to access the web application.

Allowed to – Click the Add Button. Choose <Your site name> Users (Note, in this example "SmartPlan Users") –




Choose the groups and click the OK Button.


Step 6. Add the authentication methods for the web application

Choose the allowed authentication methods for your web application. You can choose several.

Allowed Methods – <choose the methods from the list> – Click the Update Button


Step 7. Add the authorisation policy for the web application

The authorization policy defines which attributes the Identity Server sends to the web application (in this environment we use a predefined authorization policy called “IDaaS Trial Policy” “Policy”).

Home – <Your site name> (Note, the site is called “SmartPlan” 908bbe84-6f46-4766-b4d1-03527f42b434 in this example) – Authorization Policies – “IDaaS Trial Policy” – Click the policy name “Policy”




Applications – Click the Add Button



<Your Web Application> (Note, the application is called “Test Application” in this example) – Click the OK Button


Step 8. Test log in to the web application

...