Configure ID provider - om.cfg
You need to define which ID providers users can use to log in to the Intrexx portal. This is done in the file om.cfg. You can find this file in the Intrexx directory structure under the following path:
Installation directory/org/<yourportal>/internal/cfg/LucyAuth.cfg
om.cfg - <authentication>
The file om.cfg contains an area called <authentication>. This is where you specify that users can log in to the portal with the aid of the OAuth2 login module.
For the binding with scope="web", change the auth-type entry to "IntrexxOAuth2".
(In principle, you can choose the value that you enter for the binding with scope="web" freely. However, the value must correspond to the name that was specified for the OAuth2 login module in the file LucyAuth.cfg.)
```xml
<authentication anonymous="05CE8CE3035924F7D3088895F1D87DADD65CFAE4">
    <binding scope="web" auth-type="IntrexxOAuth2"/>
    <binding scope="client" auth-type="IntrexxAuth"/>
    <binding scope="webservice" auth-type="IntrexxAuth"/>
    <binding scope="odataservice" auth-type="ODataAuth"/>
    <binding scope="documentintegration" auth-type="IntrexxAuth"/>
    <webserver-configuration plain-text-auth="false" integrated-auth="false"/>
    <mobile-devices plain-text-auth="never"/>
</authentication>
```
om.cfg - <oauth2>
You can define multiple ID providers in the file om.cfg. You need to create an <oauth2> area for each ID provider. Each <oauth2> area has a number of parameters for which you need to enter values. Some of the values are fixed; they apply to all ID providers. Some of the values are specific to the respective ID provider and may even be specific to you as a customer.
| No. | Parameter | Value/example | Explanation |
|---|---|---|---|
| 1 | auth-grant-type | "authorization_code" | Fixed value |
| 2 | auth-scheme | "header" | Fixed value |
| 3 | auth-protocol | "id_token" | Fixed value |
| 4 | auth-requires-nonce | "true" | Fixed value |
| 5 | auth-access-token-url | "https://login.microsoftonline.com/common/oauth2/v2.0/token" | You need to obtain this value from the ID provider. Please refer to the chapter REST API endpoints for more information. |
| 6 | auth-user-auth-url | "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" | You need to obtain this value from the ID provider. Please refer to the chapter REST API endpoints for more information. |
| 7 | auth-user-info-url | "" | You do not need to enter anything here. |
| 8 | auth-pub-keys-src | "https://login.microsoftonline.com/common/discovery/v2.0/keys" | Fixed value |
| 9 | auth-scope | "openid email" | You need to obtain this value from the ID provider. Please refer to the chapter REST API endpoints for more information. |
| 10 | auth-client-id | "CLIENT_ID" | You need to obtain this value from the ID provider. Please refer to the chapter Client ID and client secret for more information. |
| 11 | auth-client-secret | | You need to obtain this value from the ID provider. Please refer to the chapter Client ID and client secret for more information. |
| 12 | auth-redirect-url | "https://intrexx/your-portal/oauth2login" | This value refers to the base URL of your portal. Please refer to the chapter Enter redirect URL for more information. |
| 13 | auth-provider-prompt | "none" | Fixed value |
| 14 | auth-provider-login-hint | "This is a hint" | Fixed value |
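A pre-deployment check for the settings described on this page, as an added example that is not part of the Intrexx documentation or product: it verifies the web binding in `<authentication>` and lints one ID provider's parameters against the table. The function names and sample values are constructed, and the parameters are passed as a dictionary because the page does not show the layout of the `<oauth2>` area.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Values the parameter table on this page marks as fixed.
FIXED = {"auth-grant-type": "authorization_code", "auth-scheme": "header",
         "auth-protocol": "id_token", "auth-requires-nonce": "true",
         "auth-provider-prompt": "none"}
URL_PARAMS = ("auth-access-token-url", "auth-user-auth-url",
              "auth-pub-keys-src", "auth-redirect-url")

def check_oauth2_params(params):
    """Return findings for one ID provider's parameters (dict of name -> value)."""
    findings = []
    for name, expected in FIXED.items():
        if params.get(name) != expected:
            findings.append(f"{name}: expected {expected!r}")
    for name in URL_PARAMS:
        parts = urlsplit(params.get(name, ""))
        if parts.scheme != "https" or not parts.netloc:
            findings.append(f"{name}: not an absolute https URL")
    # OpenID Connect requests must carry the "openid" scope.
    if "openid" not in params.get("auth-scope", "").split():
        findings.append("auth-scope: 'openid' is required for an ID token")
    for name in ("auth-client-id", "auth-client-secret"):
        if params.get(name, "") in ("", "CLIENT_ID"):
            findings.append(f"{name}: empty or still the placeholder")
    return findings

def web_binding_uses(authentication_xml, module_name):
    """True if the only binding with scope="web" points at module_name."""
    root = ET.fromstring(authentication_xml)
    types = [b.get("auth-type") for b in root.iter("binding")
             if b.get("scope") == "web"]
    return types == [module_name]

# Constructed sample input: a shortened <authentication> block and a
# parameter set built from the table's example values.
SAMPLE_AUTH = """<authentication>
  <binding scope="web" auth-type="IntrexxOAuth2"/>
  <binding scope="client" auth-type="IntrexxAuth"/>
</authentication>"""
SAMPLE_PARAMS = {**FIXED,
    "auth-access-token-url": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "auth-user-auth-url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "auth-pub-keys-src": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
    "auth-scope": "openid email",
    "auth-client-id": "00000000-0000-0000-0000-000000000000",   # constructed
    "auth-client-secret": "constructed-secret",                 # constructed
    "auth-redirect-url": "https://intrexx/your-portal/oauth2login"}
```

An empty list from `check_oauth2_params` means no finding; each string in the list names the parameter that deviates from the table.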