INUBIT as an identity provider
This page shows how INUBIT can be used as an identity provider.

Note: Using INUBIT as an identity provider should only be an interim solution and should be used in production only in consultation with your project team.
Prerequisites
BPC INUBIT Workflows must be installed in order to use INUBIT as an identity provider.
Configuration (JAAS)
Create a new backend connection of the type identity_provider under Backend Connections.
The following values must be set there.
| Setting (Key) | Group | Value | Description |
|---|---|---|---|
| Module_Name | module | idp-inubit | Assign a meaningful and unique name |
| IdentityProvider | config | inubit | Use INUBIT as identity provider |
| IdentityProvider_URL (only BPC version < 4.2.13) | config | http://INUBITSERVER:INUBITPORT/ibis/servlet/IBISHTTPUploadServlet/rest/authentication | URL to the authentication HTTP connector in the BPC INUBIT workflow |
| IdentityProvider_INUBIT_URL (only BPC version >= 4.2.13) | configINUBIT | http://INUBITSERVER:INUBITPORT/ibis/servlet/IBISHTTPUploadServlet/rest/authentication | URL to the authentication HTTP connector in the BPC INUBIT workflow |
| IdentityProvider_SelfServiceURL | config | http://INUBITSERVER:INUBITPORT/ibis/servlet/IBISHTTPUploadServlet/rest/uss | URL to the User Self Service endpoint |

Note: You should use https for the connection to INUBIT to avoid plain text transmission of credentials.
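
One way to check these settings before they go live, as an added example that is not part of BPC or its documentation: it flags URLs that would send credentials over plain http and verifies that the authentication URL key matches the BPC version. It assumes the settings have been collected into a flat key/value dict; the function names and the sample host are hypothetical.

```python
from urllib.parse import urlsplit

# Key names and the 4.2.13 boundary come from the settings table above.
ALWAYS_REQUIRED = ("Module_Name", "IdentityProvider", "IdentityProvider_SelfServiceURL")
URL_KEYS = ("IdentityProvider_URL", "IdentityProvider_INUBIT_URL",
            "IdentityProvider_SelfServiceURL")


def parse_version(text):
    """Turn '4.2.13' into (4, 2, 13) so that 4.2.9 sorts before 4.2.13."""
    return tuple(int(part) for part in text.split("."))


def lint_idp_settings(settings, bpc_version):
    """Return findings for a flat {key: value} settings dict (assumed shape)."""
    findings = []
    new_style = parse_version(bpc_version) >= (4, 2, 13)
    auth_key = "IdentityProvider_INUBIT_URL" if new_style else "IdentityProvider_URL"
    stale_key = "IdentityProvider_URL" if new_style else "IdentityProvider_INUBIT_URL"

    for key in ALWAYS_REQUIRED + (auth_key,):
        if not settings.get(key):
            findings.append(f"missing: {key}")
    if stale_key in settings:
        findings.append(f"wrong key for BPC {bpc_version}: {stale_key}")
    if settings.get("IdentityProvider") not in (None, "", "inubit"):
        findings.append("IdentityProvider must be 'inubit'")

    # Any non-https endpoint would carry the user's credentials in cleartext.
    for key in URL_KEYS:
        value = settings.get(key)
        if value and urlsplit(value).scheme.lower() != "https":
            findings.append(f"cleartext credentials: {key} uses '{urlsplit(value).scheme}'")
    return findings


# Constructed sample: host and ports are placeholders, not real systems.
BASE = "inubit.example.internal"
SAMPLE = {
    "Module_Name": "idp-inubit",
    "IdentityProvider": "inubit",
    "IdentityProvider_URL": f"http://{BASE}:8000/ibis/servlet/IBISHTTPUploadServlet/rest/authentication",
    "IdentityProvider_SelfServiceURL": f"https://{BASE}:8443/ibis/servlet/IBISHTTPUploadServlet/rest/uss",
}

if __name__ == "__main__":
    print("\n".join(lint_idp_settings(SAMPLE, "4.2.13")))
```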
Special features
When authenticating against INUBIT, all process roles are added to the user as roles, and all user groups are added as rights of the form inubitUserGroup_BENUTZERGRUPPENNAME, where BENUTZERGRUPPENNAME is the user group name.
INUBIT as IdP does not allow customer/project-specific rights or organizations to be stored in addition to the INUBIT standard rights.
These can be generated from roles via IdentityProvider_Mappings, for example.