...
This article details the authentication methods compatible with the yuuvis® Core API and how to choose the correct one for your use case.
...
A yuuvis® Momentum user has to be authenticated in order to be authorized to access whatever resources or functions his role entitles him to. To achieve this, yuuvis® Momentum connects to an identity provider, which may offer Single Sign-On (SSO) functionality. An existing corporate systems environment usually already uses some sort of identity provider. An identity provider is software that manages user accounts and authentication, the classic example being Microsoft® Active Directory® (AD) or OpenLDAP implementations. Using the yuuvis® API authentication service requires an identity provider to handle authentication by providing the endpoints used in the OAuth 2.0 authorization workflows.
...
So far, we've detailed the authentication mechanisms available when using the proprietary yuuvis® API authentication service. It is likely that at a later date, most customers will be using yuuvis® API through a managed API gateway, authenticating using a subscription key tied to a platform-specific account (e.g., a Microsoft account for Azure Managed API) instead of user credentials. Since these managed API gateways replace both the identity provider and the authentication service, not much can be said in general about the way to authenticate at these external services. If you are using a yuuvis® API build that utilizes such a managed API, refer to that API's documentation when trying to authenticate.
Session Management
After a successful log-in process, the session state is stored by the AUTHENTICATION service. If multiple service instances are used, it is stored in a Redis database.
>> Multiple Instances of the AUTHENTICATION service
A session cookie stores the identification of the user's session via a Cookie Manager of the calling HTTP client (e.g., the browser) such that further requests of the same user are enriched with the session cookie GWSESSIONID. Thus, the user does not need to log on again for each request.
If the client application uses a browser, the following cookies will be additionally set:
- i18next: Stores the language for the tenant selection web page (e.g., en_US or de).
- tenant: Stores the tenant that was selected on the tenant selection web page.
Further cookies might be set by your identity provider (e.g., Keycloak cookies).
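The cookie-manager behaviour described in this section, as an added example that is not yuuvis® code: a constructed local stub issues GWSESSIONID after a log-in, and a Python client is run once with a cookie jar and once without. The bearer token, the 401 response and the in-memory session store are assumptions of the stub, not documented product behaviour.

```python
import http.cookiejar, secrets, threading, urllib.error, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "Bearer constructed-token"  # constructed credential (assumption)
SESSIONS = set()  # stub's stand-in for the server-side session state

# Constructed local stub, not yuuvis code: issues GWSESSIONID after a log-in.
class StubGateway(BaseHTTPRequestHandler):
    def do_GET(self):
        sent = SimpleCookie(self.headers.get("Cookie", ""))
        sid = sent["GWSESSIONID"].value if "GWSESSIONID" in sent else None
        if sid in SESSIONS:  # known session: no credentials needed
            self.send_response(200)
        elif self.headers.get("Authorization") == TOKEN:  # log-in: open a session
            sid = secrets.token_hex(16)
            SESSIONS.add(sid)
            self.send_response(200)
            self.send_header("Set-Cookie", f"GWSESSIONID={sid}; Path=/")
        else:
            self.send_response(401)  # neither session cookie nor credential
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    direct = urllib.request.ProxyHandler({})  # ignore proxy environment variables
    jar = http.cookiejar.CookieJar()  # the client's cookie manager
    with_jar = urllib.request.build_opener(direct, urllib.request.HTTPCookieProcessor(jar))
    without_jar = urllib.request.build_opener(direct)
    def status(opener, headers=None):
        try:
            with opener.open(urllib.request.Request(url, headers=headers or {})) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
    result = {"login": status(with_jar, {"Authorization": TOKEN}),
              "follow_up_with_jar": status(with_jar),  # jar adds GWSESSIONID
              "follow_up_without_jar": status(without_jar),  # no cookie, no credential
              "cookies_in_jar": [c.name for c in jar]}
    server.shutdown()
    server.server_close()
    return result

if __name__ == "__main__":
    print(demo())
```

A non-browser client that does not keep a cookie jar has to present its credentials on every request, which is the difference the two follow-up calls show.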
Summary
This article gave an overview of the authentication methods supported by yuuvis® Momentum's authentication service and their details. For rapid and easy testing, or in practical use as an identity management platform that allows the integration of distinct identity providers (user federation), Keycloak is an excellent tool; its usage is exemplified in one of the tutorials linked below.
...