i4connected Knowledgebase 5.6

Logging in i4connected with an External Provider

Abstract

Check out this article and learn how to login in the i4connected portal via Custom OpenID Connect protocol. We prepared this for your own convenience.

The i4connected application gives users the freedom to chose multiple external Identity Providers to sign into the portal. The accepted External providers are:

  • Facebook

  • Twitter

  • Google

  • Microsoft

  • Custom OpenID Connect

Tip

For more details about the i4connected External Providers, please also visit the dedicated article here.

Important

PREREQUISITES

  • An Identity Provider server/account should be available, as you will need to extract some information, in order to enable possibility to login with an external provider.

  • External providers can only be enabled on an HTTPS connection.

Please follow the below described steps in order to be able to log into i4connected via an External Provider of your choice:

  1. Open your Identity Provider server / account in order to obtain the necessary authentication information.

    Tip

    Depending of the provider you intend to use, please also check the "Setting up External providers" article in order to learn more details about the expected authentication information

  2. Open the appsetting.json file, available under your i4connected api folder, on the machine running the i4connected installation.

    appsettings_folder.jpg
  3. Identify your External provider settings in the Authentication area and start filling in the requested information. The authentication information should be added between double quotes ("...").

    Authentication_providers.jpg

    Tip

    • Facebook

      • AppId - The unique identification number of your Facebook application account.

      • AppSecret - The secret key of your Facebook application account.

    • Twitter

      • ConsumerKey - The unique identification key of you Twitter application account.

      • ConsumerSecret - The secret key of your Twitter application account.

    • Google

      • ClientId - The unique number used to identify your Google account.

      • ClientSecret -The secret key of your Google account.

    • Microsoft

      • ApplicationId - The unique identification number of your Microsoft application.

      • Password - The Client secret (application password) consisting of a secret string that the application uses to prove its identity when requesting a token.

    • Custom OpenID Connect

      • ClientId - The unique number of the client for which all tokens must be issued.

      • ClientSecret - The secret key of the client.

      • Authority - The URL of the external identity provider / server.

      • Name - The name of the client that will be displayed in the application.

      • ResponseType - The type of response can be: none, code, token, id_token or a combination of the last three options.

      • ResponseMode - The mode of the response can be: query, fragment or form_post.

      • MetadataAddress - Optionally, allows the user to set a discovery endpoint address for obtaining metadata.

      • Scopes - Optionally, allows the user to list additional permissions which the i4connected system requests from the external identity provider. For instance, the configured identity provider user email address. The Scopes array should be added between square brackets and each scope should be added between double quotes.Lists which permissions should be requested.

  4. Make sure to save your changes to the appsettings.json file.

  5. Next, connect to your i4connected database server using either the Azure Data Studio or Microsoft SQL Server Manager Studio.

  6. Open the Clients table and identify the JS Client in order to extract the ClientId. The default ClientId of the JS Client is 1.

    JS_Client.jpg
  7. Open the ClientRedirectUris table and add the valid portal URL associated with the ClientId of the JS Client.

    RedirectUri.jpg
  8. Next, open the ClientGrantTypes table and make sure that at least the GrantType Implicit is associated with the same ClientId.

    Implicit.jpg

    Warning

    To allow access to both External Providers Users and i4connected portal Users, you need to create associations of both "implicit" and "password" grant types for the same JS Client.

  9. Make sure to save your changes to the Tables.

  10. To apply the above settings, please make sure to Restart Internet Information Services (IIS).

    Restart_IID.jpg