Setup


The following steps are required to set up SSO (single sign-on) in Lobster Integration.

./etc/factory.xml


Add the following section to configuration file ./etc/factory.xml.


<Call name="addService">
<Arg>com.ebd.hub.services.identity.ExternalIdentityProviderService</Arg>
<Arg>etc/external_identity_providers.xml</Arg>
</Call>

./etc/external_identity_providers.xml


Now you have to configure the SSO servlet in the configuration file ./etc/external_identity_providers.xml. You can use the entries as below. The alias for DataCockpit is only necessary if you are using this add-on module.

In the last step, at least one identity provider must be specified, shown here using Azure as an example. How to get the values for the OAuth2 parameters is described in the documentation of the respective provider. So Client ID, Client Secret and for Azure also the Tenant ID. The alias is freely assigned by you.

For new installations (not updates) from version 4.6.9, the file ./etc/hub.xml only applies to Lobster Integration communication (e.g. HTTP and AS2) and the file ./etc/admin.xml applies to the Admin Console and the Lobster Integration GUI.

Previously, the file ./etc/hub.xml applied to Lobster Integration communication and the Lobster Integration GUI and file ./etc/admin.xml only applied to the Admin Console.

→ In this case, do not use "Main Server" as the server name, but "Administrative Server". Note: In general, the HTTP server via which the Lobster Integration GUI runs must be specified here for the server name.


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC
"-//Lobster//DTD Configure 1.0//EN"
"http://www.lobster.de/dtd/configure_1_1.dtd">
<Configure class="com.ebd.hub.services.identity.ExternalIdentityProviderService">
<Call name="setSSOServletConfig">
<!-- Server Name --><Arg>Main Server</Arg>
<Call name="addAlias">
<!-- Alias -->
<Arg>datacockpit</Arg>
<!-- Servlet URL -->
<Arg>https://YOUR_HOST_IP/idp/DataCockpit/</Arg>
<!-- Login URL for Alias -->
<Arg>https://YOUR_HOST_IP/DataCockpit</Arg>
</Call>
<Call name="addAlias">
<!-- Alias -->
<Arg>_data</Arg>
<!-- Servlet URL -->
<Arg>https://YOUR_HOST_IP/idp/_data</Arg>
<!-- Login URL for Alias -->
<Arg>https://YOUR_HOST_IP/_data</Arg>
</Call>
</Call>
<!-- OKTA SSO with Generic Template -->
<!--
<Call name="addProvider">
<Arg>
<New class="com.ebd.hub.services.identity.GenericOAuth2Provider">
<!-- Alias -->
<Arg>genericOauth2</Arg>
<!-- ClientID -->
<Arg>YOUR_CLIENT_ID</Arg>
<!-- Client Secret -->
<Arg>YOUR_CLIENT_SECRET</Arg>
<Set name="authorizeUrl">https://YOUR_OKTA.okta.com/oauth2/v1/authorize</Set>
<Set name="tokenUrl">https://YOUR_OKTA.okta.com/oauth2/v1/token</Set>
<!--
<Set name="userInfoUrl">https://userInfoURL</Set>
-->
<!-- specify openid request scopes -->
<Set name="scope">openid</Set>
</New>
</Arg>
</Call>
-->
<!--
<Call name="addProvider"><Arg>
<New class="com.ebd.hub.services.identity.AzureOAuth2Provider">
<!- - Alias - -><Arg>azure</Arg>
<!- - Tenant - -><Arg>common</Arg>
<!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
<!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
</New>
</Arg></Call>
-->
<!--
<Call name="addProvider"><Arg>
<New class="com.ebd.hub.services.identity.GoogleOAuth2Provider">
<!- - Alias - -><Arg>google</Arg>
<!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
<!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
</New>
</Arg></Call>
-->
<!--
<Call name="addProvider"><Arg>
<New class="com.ebd.hub.services.identity.AmazonOAuth2Provider">
<!- - Alias - -><Arg>amazon</Arg>
<!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
<!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
</New>
</Arg></Call>
-->
<!--
<Call name="addProvider"><Arg>
<New class="com.ebd.hub.services.identity.FacebookOAuth2Provider">
<!- - Alias - -><Arg>facebook</Arg>
<!- - ClientID - -><Arg>YOUR_CLIENT_ID</Arg>
<!- - Client Secret - -><Arg>YOUR_CLIENT_SECRET</Arg>
</New>
</Arg></Call>
-->
</Configure>