Document - IDP Server

1           INTRODUCTION 

1.1     WHAT’S IN THIS MANUAL 

This document describes how the Identity Provider Server (IDP) is implemented and operated in VIENNA Advantage. 

1.2     WHAT IS IDP 

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. 

1.3     AUDIENCE 

  1. Developer 

  2. End user 

1.4     SYMBOLS AND CONVENTIONS 

The following callouts are used in this manual: 

  • Example 

  • Note 

  • Caution 

  • Recommendation 

1.5     PRODUCT SUPPORT 

For any questions related to this user manual, contact VIENNA Advantage customer care via the “Contact” section of http://www.viennaadvantage.com 

2        OVERVIEW 

Identity providers offer user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.

3      HOW IDP SERVER IS USED IN OUR SYSTEM 

In VIENNA Advantage the IDP server is hosted separately. The system calls it to obtain a JWT access token, and that token is then presented as a bearer token to the client’s API to store and retrieve documents. For installation, follow the instructions in the ‘Installation and Basic Setting’ document. 

3.1     CONFIGURATION OF IDP AND CLIENT’S WEB SERVICE IN SYSTEM 

Some tenant-level settings must be configured before the IDP server can be used: 

  • Open the Tenant window from the menu 

  • Select your tenant 

  • Go to the Tenant Info tab 

  • Add the IDP and web service information  

    • Select IDP in ‘Save Attachment On’ 

    • Enter your own API URL in ‘Web Service URL’ 

    • Enter the desired token in ‘Web Service Token’ 

    • Enter the IDP service URL in ‘IDP Server URL’ 

    • Select ‘Access Key’ in ‘IDP Serve Client’ 

  • Save the record, then refresh the page or log in again so the new settings take effect. 

3.2     HOW SYSTEM WORKS WITH IDP 

The system reads the tenant’s ‘Save Attachment On’ setting and stores uploaded documents accordingly. If IDP is selected, then on each upload the system reads the IDP Server URL and requests an access token using the server client type ‘Access Key’. Once the IDP returns the token, the system calls the Web Service URL (the client’s API) with that token as a bearer token. Because the token is a bearer credential, anyone who intercepts it can use it until it expires, so both the IDP Server URL and the Web Service URL should be HTTPS endpoints. 

3.3     JWT TOKENS 

The IDP issues a JWT that carries all the required claims and is signed with the certificate referenced by certThumbPrint in its web config. The token is passed from the calling system to the serving system, and the serving party must validate it (signature, issuer, expiry) before trusting any of its claims, to ensure the token came from the expected source and has not been altered. 
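The following is an added example, not code from VIENNA Advantage, that models both sides of the exchange described in 3.2 and 3.3 in one runnable file: the IDP issuing a JWT when the system presents its Access Key, and the client’s web service validating the bearer token it receives. The real IDP signs with the certificate named by certThumbPrint (an asymmetric key); to run offline without third-party packages this example signs with HMAC-SHA256 from the standard library, so the same key is shared by both sides. The issuer, audience, access key value and claim names are assumptions for the demonstration.

```python
"""Added example, not VIENNA Advantage code: both sides of the IDP token exchange.

  issue_token()  models the IDP handing out a JWT when the system presents its Access Key
  authorize()    models the client's Web Service validating the bearer token it receives

HMAC-SHA256 stands in for the certificate-based signature the real IDP uses.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the IDP <appSettings> and the tenant's Web Service URL.
IDP_CONFIG = {
    "Issuer": "https://idp.example.test",
    "accesskey": "tenant-access-key-demo",   # same value as the tenant/DMS setting
    "signing_key": b"demo-signing-secret",   # stands in for the certificate's private key
}
WEB_SERVICE_AUDIENCE = "https://dms.example.test/api"
TOKEN_LIFETIME_SECONDS = 300


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes) -> bytes:
    return hmac.new(IDP_CONFIG["signing_key"], signing_input, hashlib.sha256).digest()


# ---- IDP side -------------------------------------------------------------
def issue_token(presented_access_key: str, now=None) -> str:
    """Return a signed JWT only if the caller's access key matches the IDP web config."""
    if not hmac.compare_digest(presented_access_key, IDP_CONFIG["accesskey"]):
        raise PermissionError("access key does not match the IDP web config")
    issued_at = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": IDP_CONFIG["Issuer"],
        "aud": WEB_SERVICE_AUDIENCE,
        "client": "Access Key",              # the server client type from section 3.2
        "iat": issued_at,
        "exp": issued_at + TOKEN_LIFETIME_SECONDS,
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    return signing_input + "." + _b64url(_sign(signing_input.encode()))


# ---- client web service side ---------------------------------------------
def verify_token(token: str, now=None) -> dict:
    """Check algorithm, signature, issuer, audience and expiry before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    encoded_header, encoded_payload, encoded_sig = parts
    header = json.loads(_b64url_decode(encoded_header))
    if header.get("alg") != "HS256":          # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = _sign(f"{encoded_header}.{encoded_payload}".encode())
    if not hmac.compare_digest(expected, _b64url_decode(encoded_sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(encoded_payload))
    current = now if now is not None else time.time()
    if claims.get("iss") != IDP_CONFIG["Issuer"]:
        raise ValueError("wrong issuer")
    if claims.get("aud") != WEB_SERVICE_AUDIENCE:
        raise ValueError("wrong audience")
    if current >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def authorize(headers: dict, now=None) -> dict:
    """What the Web Service URL endpoint does with the Authorization header it receives."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing bearer token")
    return verify_token(token, now)


# ---- the flow of section 3.2, end to end ---------------------------------
def upload_flow(access_key: str, now=None) -> dict:
    token = issue_token(access_key, now)                          # system -> IDP
    return authorize({"Authorization": "Bearer " + token}, now)   # system -> Web Service URL


if __name__ == "__main__":
    print(upload_flow("tenant-access-key-demo"))
```

Note that the signature is checked before the payload is parsed and the algorithm is pinned rather than read from the token; with the certificate-based setup of the real IDP the web service would hold only the public part of the certificate and reject any token whose signature does not verify against it.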

3.4     SETTING AND REQUIREMENTS 

The IDP server requires the following settings. 

3.4.1        WEB CONFIG 

Add the following entries to the web config file of the IDP server, inside <configuration> <appSettings>:   

  • <add key="Issuer" value="https://your url here" /> (the HTTPS URL the IDP is served on; this is the issuer value the token carries) 

  • <add key="certThumbPrint" value="Certificate thumb print" /> (thumbprint of the signing certificate, without spaces) 

  • <add key="certPwd" value="encrypted certificate password" /> (the certificate password, stored in encrypted form) 

  • <add key="accesskey" value="same access key which is used in DMS link" /> 

    • Note: the web config contains several keys with similar names, such as accesskey and useraccesskey. The entry above refers to accesskey only; its value must be identical on the IDP server and on the hosted DMS link. Treat it as a secret, since anyone holding it can obtain tokens from the IDP. 

3.4.2        IIS AND MMC 

  • Create the certificate using IIS. 

  • Open the certificate in MMC (Certificates snap-in, Local Computer store). 

  • Grant the required permissions on the certificate’s private key, if any are missing. 

  • Check the thumbprint of the certificate and use the same value in the web config file. When copying it from the MMC dialog, remove the spaces and any invisible leading character, otherwise the certificate will not be found. 

  • Permission error on certificate 

    • Grant the IIS application pool identity, IUSR and Network Service permission on the certificate’s private key (“Manage Private Keys” in MMC). 

  • Test the IDP from Postman first to confirm that everything is configured correctly before connecting the system.
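The certificate steps above, scripted as an added example for Windows PowerShell 5.1 run as Administrator on the IIS host; this is not a script shipped with VIENNA Advantage. The DNS name idp.example.test and the application pool name IdpAppPool are placeholders, and the pool is assumed to already exist. A CAPI key provider is requested so that the private key file can be located and its ACL edited, which is the operation behind the “permission error on certificate” fix.

```powershell
# Added example (not from the VIENNA Advantage manual or product): create the IDP signing
# certificate, print the value for certThumbPrint, and grant the private key to the
# identities listed in section 3.4.2. Assumes Windows PowerShell 5.1, run as Administrator.
$dnsName     = "idp.example.test"   # placeholder
$appPoolName = "IdpAppPool"         # placeholder; the pool must already exist in IIS

# 1. Create the certificate in the machine store, which is where IIS and the IDP read it.
#    A CAPI provider is requested so the private key file is easy to locate below.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -KeyExportPolicy Exportable `
    -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
    -NotAfter (Get-Date).AddYears(2)

# 2. This is the value for <add key="certThumbPrint" ... />: upper case, no spaces.
"certThumbPrint = $($cert.Thumbprint)"

# 3. Locate the private key file that the permission error is really about.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $keyName

# 4. Grant Read on that file to the identities the manual lists. This is the same
#    change as "Manage Private Keys" in the MMC Certificates snap-in.
$acl = Get-Acl -Path $keyPath
foreach ($identity in @("IIS AppPool\$appPoolName", "NT AUTHORITY\IUSR", "NT AUTHORITY\NETWORK SERVICE")) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Read", "Allow")
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $keyPath -AclObject $acl

# 5. Check: the thumbprint resolves to a certificate with a usable private key, and the ACL took effect.
$check = Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
"HasPrivateKey = $($check.HasPrivateKey)"
(Get-Acl -Path $keyPath).Access | Select-Object IdentityReference, FileSystemRights
```

Read access on the key file is all the IDP needs to sign tokens; do not grant Full Control, and do not give the key to every application pool on the server, only to the one that runs the IDP.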