Setup
The following steps are required to set up SSO (single sign-on) in Lobster Integration.
./etc/factory.xml
Add the following section to the configuration file ./etc/factory.xml.
<Call name="addService">
  <Arg>com.ebd.hub.services.identity.ExternalIdentityProviderService</Arg>
  <Arg>etc/external_identity_providers.xml</Arg>
</Call>
./etc/external_identity_providers.xml
Next, configure the SSO servlet in the configuration file ./etc/external_identity_providers.xml. You can use the entries shown below. The alias for DataCockpit is only necessary if you are using this add-on module.
In the last step, at least one identity provider must be specified, shown here using Azure as an example. The documentation of the respective provider describes how to obtain the values for the OAuth2 parameters, that is, the Client ID, the Client Secret and, for Azure, also the Tenant ID. You can choose the alias freely.
For new installations (not updates) from version 4.6.9, the file ./etc/hub.xml only applies to Lobster Integration communication (e.g. HTTP and AS2) and the file ./etc/admin.xml applies to the Admin Console and the Lobster Integration GUI.
Previously, the file ./etc/hub.xml applied to Lobster Integration communication and the Lobster Integration GUI, and the file ./etc/admin.xml only applied to the Admin Console.
→ In this case, do not use "Main Server" as the server name, but "Administrative Server". Note: In general, the server name specified here must be that of the HTTP server on which the Lobster Integration GUI runs.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC
  "-//Lobster//DTD Configure 1.0//EN"
  "http://www.lobster.de/dtd/configure_1_1.dtd">
<Configure class="com.ebd.hub.services.identity.ExternalIdentityProviderService">
  <Call name="setSSOServletConfig">
    <!-- Server Name -->
    <Arg>Main Server</Arg>
    <Call name="addAlias">
      <!-- Alias -->
      <Arg>datacockpit</Arg>
      <!-- Servlet URL -->
      <Arg>https://YOUR_HOST_IP/idp/DataCockpit/</Arg>
      <!-- Login URL for Alias -->
      <Arg>https://YOUR_HOST_IP/DataCockpit</Arg>
    </Call>
    <Call name="addAlias">
      <!-- Alias -->
      <Arg>_data</Arg>
      <!-- Servlet URL -->
      <Arg>https://YOUR_HOST_IP/idp/_data</Arg>
      <!-- Login URL for Alias -->
      <Arg>https://YOUR_HOST_IP/_data</Arg>
    </Call>
  </Call>
  <!-- OKTA SSO with Generic Template -->
  <!--
  <Call name="addProvider">
    <Arg>
      <New class="com.ebd.hub.services.identity.GenericOAuth2Provider">
        <!- - Alias - ->
        <Arg>genericOauth2</Arg>
        <!- - ClientID - ->
        <Arg>YOUR_CLIENT_ID</Arg>
        <!- - Client Secret - ->
        <Arg>YOUR_CLIENT_SECRET</Arg>
        <Set name="authorizeUrl">https://YOUR_OKTA.okta.com/oauth2/v1/authorize</Set>
        <Set name="tokenUrl">https://YOUR_OKTA.okta.com/oauth2/v1/token</Set>
        <!- -
        <Set name="userInfoUrl">https://userInfoURL</Set>
        - ->
        <!- - specify openid request scopes - ->
        <Set name="scope">openid</Set>
      </New>
    </Arg>
  </Call>
  -->
  <!--
  <Call name="addProvider"><Arg>
    <New class="com.ebd.hub.services.identity.AzureOAuth2Provider">
      <!- - Alias - -><Arg>azure</Arg>
      <!- - Tenant - -><Arg>common</Arg>
      <!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
      <!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
    </New>
  </Arg></Call>
  -->
  <!--
  <Call name="addProvider"><Arg>
    <New class="com.ebd.hub.services.identity.GoogleOAuth2Provider">
      <!- - Alias - -><Arg>google</Arg>
      <!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
      <!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
    </New>
  </Arg></Call>
  -->
  <!--
  <Call name="addProvider"><Arg>
    <New class="com.ebd.hub.services.identity.AmazonOAuth2Provider">
      <!- - Alias - -><Arg>amazon</Arg>
      <!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
      <!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
    </New>
  </Arg></Call>
  -->
  <!--
  <Call name="addProvider"><Arg>
    <New class="com.ebd.hub.services.identity.FacebookOAuth2Provider">
      <!- - Alias - -><Arg>facebook</Arg>
      <!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
      <!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
    </New>
  </Arg></Call>
  -->
</Configure>
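A pre-deployment check for ./etc/external_identity_providers.xml, added here as an example (it is not part of the Lobster documentation or product). It reports alias URLs that are not HTTPS, YOUR_ template placeholders left in active entries, and the case where every addProvider block is still commented out. The function names, finding texts and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real installation): one plain-HTTP alias URL
# and one active Azure provider that still carries a template placeholder.
SAMPLE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="com.ebd.hub.services.identity.ExternalIdentityProviderService">
  <Call name="setSSOServletConfig">
    <Arg>Main Server</Arg>
    <Call name="addAlias">
      <Arg>_data</Arg>
      <Arg>http://integration.example.test/idp/_data</Arg>
      <Arg>https://integration.example.test/_data</Arg>
    </Call>
  </Call>
  <!-- providers inside XML comments are dropped by the parser -->
  <Call name="addProvider"><Arg>
    <New class="com.ebd.hub.services.identity.AzureOAuth2Provider">
      <Arg>azure</Arg><Arg>common</Arg>
      <Arg>constructed-client-id</Arg><Arg>YOUR_CLIENT_SECRET</Arg>
    </New>
  </Arg></Call>
</Configure>"""

def text(el):
    return (el.text or "").strip()

def audit(xml_bytes):
    """Return a list of findings for an external_identity_providers.xml document."""
    root = ET.fromstring(xml_bytes)  # comments are discarded, so only active entries remain
    findings = []
    for call in root.findall("Call[@name='setSSOServletConfig']/Call[@name='addAlias']"):
        args = [text(a) for a in call.findall("Arg")]  # alias, servlet URL, login URL
        for url in args[1:]:
            if not url.startswith("https://"):
                findings.append(f"alias {args[0]}: URL is not HTTPS: {url}")
            if "YOUR_" in url:
                findings.append(f"alias {args[0]}: placeholder left in URL: {url}")
    providers = root.findall("Call[@name='addProvider']/Arg/New")
    if not providers:
        findings.append("no active identity provider (addProvider blocks missing or commented out)")
    for new in providers:
        name = new.get("class", "").rsplit(".", 1)[-1]
        for value in [text(e) for e in new.findall("Arg") + new.findall("Set")]:
            if "YOUR_" in value:
                findings.append(f"{name}: placeholder value {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because the file holds the OAuth2 Client Secret in plain text, it is also worth restricting read access to the account that runs Lobster Integration.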