Global Settings (Web Login)

To Edit the Global Settings (Web Login) Properties:

  1. Expand your project in the Workbench's Project Explorer, then expand the Security provider node, and then the Web Login sub-node.

  2. Double-click on the Global Settings node, or right-click on the Global Settings node and select Edit from the menu, or select the Global Settings node and then click on the Edit button in the Edit section of the Home ribbon in the Workbench.

  3. This opens the Global Settings properties, shown below.

Global Settings (Web Login) Properties

 

General Settings

 

These settings both set up Security as an OIDC IdP and configure the external OIDC or SAML login.

Note: Web Login in those applications also comes with limitations.

OIDC Provider / OAuth Authorization Server Settings

 

This section sets up the OIDC Provider (called ‘Authorization Server’ in OAuth terminology) that is built into Security.

  1. Auto-generated temporary key – This option should only be used for testing. Security will generate a new random key every time it starts, so all clients that have already authenticated will lose their authentication and will need to re-authenticate.

  2. From the Windows certificate store – Selects a key saved in the certificate store. For OIDC/OAuth, the certificate does not need to be signed by a trusted authority.

Windows Security Window Customized to Selection of 'Local machine/find by Subject Distinguished Name'

Authentication

 

These settings switch between built-in authentication and using an external OIDC or SAML Identity Provider.

Built-in

 

With this option, Security will not redirect to an external OIDC or SAML web page, but instead will present its own login page that authenticates against either Active Directory or against the list of users specified directly in Security. There is just one setting for this option.

OpenID Connect

 

These settings, together with the OIDC Authentication User Mapping section, set up login through an external OIDC Identity Provider.

OIDC Authentication User Mapping

SAML 2.0

 

These settings, together with the SAML Authentication User Mapping section, set up login through an external SAML Identity Provider.

SAML Authentication User Mapping

Azure Active Directory Authentication

 

This setting is only available when Security is connecting to Azure Active Directory. It uses the OIDC protocol, but instead of requiring you to set up all the details, it takes them from the Azure Active Directory Settings section of the General tab.

This authentication uses version 2 of the Microsoft identity platform, as described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview.

 

Specifically, these settings are used:

• The Authorization Code flow is used.

• The issuer URL is formatted as https://login.microsoftonline.com/{tenant}/v2.0.

• The ‘profile’ scope gets requested.

• The ‘oid’ claim from the ID token gets extracted and mapped to the ID property read from Azure Active Directory.
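
The relying-party side of the four settings listed above, as an added example (not the product's own code): it builds the Authorization Code request with the 'profile' scope, then checks the issuer format and maps 'oid' to a directory ID. The authorize endpoint path, the aud/nonce/exp checks, the `directory` dict and all sample values are assumptions or constructed here; signature verification is assumed to be done by a JOSE library beforehand.

```python
import base64, json, time
from urllib.parse import urlencode

# URL formats of the Microsoft identity platform v2.0; {tenant} is the tenant GUID.
ISSUER = "https://login.microsoftonline.com/{tenant}/v2.0"
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

def build_auth_request(tenant, client_id, redirect_uri, state, nonce):
    """Authorization Code flow request that asks for the 'profile' scope."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "scope": "openid profile",
                       "state": state, "nonce": nonce})
    return AUTHORIZE.format(tenant=tenant) + "?" + query

def decode_payload(id_token):
    """Decode the JWT payload segment. Assumption: the signature was already
    verified against the issuer's published keys by a JOSE library."""
    segment = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def map_user(claims, tenant, client_id, nonce, directory, now=None):
    """Check the claims, then map 'oid' to a directory entry (hypothetical dict)."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER.format(tenant=tenant):
        raise ValueError("issuer mismatch")
    if claims.get("aud") != client_id:
        raise ValueError("audience mismatch")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("oid") not in directory:
        raise ValueError("oid does not match any directory ID")
    return directory[claims["oid"]]

def sample_token(claims):
    """Constructed sample token with a placeholder signature, for this demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    TENANT = "00000000-0000-0000-0000-000000000001"   # constructed
    OID = "11111111-2222-3333-4444-555555555555"      # constructed
    claims = {"iss": ISSUER.format(tenant=TENANT), "aud": "client-1", "nonce": "n-1",
              "exp": time.time() + 300, "oid": OID}
    print(build_auth_request(TENANT, "client-1", "https://app.example/cb", "s-1", "n-1"))
    print(map_user(decode_payload(sample_token(claims)), TENANT, "client-1", "n-1",
                   {OID: "alice"}))
```

A token whose issuer names a different tenant, or whose 'oid' is absent from the directory, is rejected before any user is mapped.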

 

See Also:

OIDC Relying Party