SSO (Users)

Setup


The following steps are required to set up SSO (single sign-on) in Lobster_data. You need a license for this functionality.

./etc/factory.xml


Add the following section to configuration file ./etc/factory.xml.


<Call name="addService">
<Arg>com.ebd.hub.services.identity.ExternalIdentityProviderService</Arg>
<Arg>etc/external_identity_providers.xml</Arg>
</Call>

./etc/external_identity_providers.xml


Now you have to configure the SSO servlet in the configuration file ./etc/external_identity_providers.xml. You can use the entries as below. The alias for DataCockpit is only necessary if you are using this add-on module. Instead of example.com, enter the IP/URL of your Integration Server.

In the last step, at least one identity provider must be specified, shown here using Azure as an example. How to get the values for the OAuth2 parameters is described in the documentation of the respective provider. So Client ID, Client Secret and for Azure also the Tenant ID. The alias is freely assigned by you.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC
"-//Lobster//DTD Configure 1.0//EN"
"http://www.lobster.de/dtd/configure_1_1.dtd">
<Configure class="com.ebd.hub.services.identity.ExternalIdentityProviderService">
 
<Call name="setSSOServletConfig">
<!-- Server Name --><Arg>Main Server</Arg>
<Call name="addAlias">
<!-- Alias --><Arg>DataCockpit</Arg>
<!-- Servlet URL --><Arg>https://example.com/idp/DataCockpit/</Arg>
<!-- Login URL for Alias --><Arg>https://example.com/DataCockpit</Arg>
</Call>
<Call name="addAlias">
<!-- Alias --><Arg>_data</Arg>
<!-- Servlet URL --><Arg>https://example.com/idp/_data</Arg>
<!-- Login URL for Alias --><Arg>https://example.com/_data</Arg>
</Call>
</Call>
 
<!-- Args: Alias, Tenant ID, Client ID, Client Secret -->
<Call name="addProvider">
<Arg>
<New class="com.ebd.hub.services.identity.AzureOAuth2Provider">
<Arg>azure</Arg>
<Arg>common</Arg>
<Arg>44b32ea9-7880-4a6f-a53b-1c4e3c7776e9</Arg>
<Arg>_YY7Q~ICpgddR62h0N9LIZZGuol4hK2vTbXXX</Arg>
</New>
</Arg>
</Call>
 
<!-- Args: Alias, Client ID, Client Secret -->
<!--
<Call name="addProvider">
<Arg>
<New class="com.ebd.hub.services.identity.GoogleOAuth2Provider">
<Arg>google</Arg>
<Arg>TBD</Arg>
<Arg>TBD</Arg>
</New>
</Arg>
</Call>
-->
 
<!-- Args: Alias, Client ID, Client Secret -->
<!--
<Call name="addProvider">
<Arg>
<New class="com.ebd.hub.services.identity.AmazonOAuth2Provider">
<Arg>amazon</Arg>
<Arg>TBD</Arg>
<Arg>TBD</Arg>
</New>
</Arg>
</Call>
-->
 
<!-- Args: Alias, Client ID, Client Secret -->
<!--
<Call name="addProvider">
<Arg>
<New class="com.ebd.hub.services.identity.FacebookOAuth2Provider">
<Arg>facebook</Arg>
<Arg>TBD</Arg>
<Arg>TBD</Arg>
</New>
</Arg>
</Call>
-->
 
</Configure>

Adding SSO Provider for User and Login


Once the SSO setup is complete, you can now add an SSO provider to a user.


images/download/attachments/106964444/1299-version-1-modificationdate-1664266342196-api-v2.png

images/download/attachments/106964444/1300-version-2-modificationdate-1664266496306-api-v2.png

images/download/attachments/106964444/1301-version-1-modificationdate-1664266095676-api-v2.png


(1) Select an SSO provider via the context menu (here Azure). You will then be redirected to an external page where you have to enter your credentials, here for your Microsoft account. This login is only necessary once. Note: If you are already logged in to your Microsoft account, this step happens in the background.

(2) Once you have performed (1), you will see the added SSO provider. You can now log in to Lobster_data via SSO, see (3).

(3) Click here.

(4) Click here.