Since version 10.14 of yuuvis RAD®, the gateway microservice supports authentication with an OAuth2 identity provider like Azure Entra ID. This guide shows how to set up the necessary configuration for this to work:

  • Log in to the Azure Entra Admin Center (https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType~/null/sourceType/Microsoft_AAD_IAM) with an administrative account

  • If not already there, choose from the left menu “Identity” → “Applications” → “App registrations”

  • Click on “New registration”

  • On the new page, enter an arbitrary name for the App registration - for example “yuuvis RAD OAuth2”

  • Choose the account type - the default / first selection is OK if you plan to authenticate only with users of this Entra ID tenant. Otherwise choose one of the other options.

  • At the menu “Redirect URI” choose “WEB” and enter the URL to the yuuvis RAD gateway (instance) that you want to use with OAuth2, postfixed with “/login/oauth2/code/azure” - for example https://yuuvis.mycompany.com/login/oauth2/code/azure.

  • Click on “Register”

  • The overview page of the new app registration is shown. Save the “Application (client) id” and the “Directory (tenant) id” for later use

  • Also save the “issuer URI” https://login.microsoftonline.com/<Directory (tenant) id>/v2.0 for later use. Replace <Directory (tenant) id> with the ID saved in the previous step.

  • Click on the left menu entry “Certificates and secrets” and click on “New client secret”.

  • In the new dialog enter an arbitrary name for the secret - for example “yuuvis RAD OAuth2 Client Secret” - and choose an expiry interval. Then click add.

  • Save the value of the newly created secret for later use.

  • Click on the left menu entry “Authentication”

  • If you have multiple addresses for the yuuvis RAD gateway then you can (optionally) add these URIs to the list of Redirect URIs now - always postfix with “/login/oauth2/code/azure”.

  • Under the “Front-Channel Logout URL” title, enter the URL of the gateway's logout endpoint - by default this is “/logout” - so the URL would be, for example, https://yuuvisrad.optimal-systems.de/logout

  • Tick the checkbox “ID tokens (used for implicit and hybrid flows)”

  • Click on Save

  • Finished.

  • Proceed with the gateway configuration - you will need the issuer-uri, the client id (Application (client) id) and the client secret (the value of the created secret).
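
A pre-flight check for the values collected in the steps above, added here as an example and not part of the original guide or of yuuvis RAD: it derives the issuer URI, redirect URIs and front-channel logout URL from the tenant ID and gateway addresses, then flags redirect URIs in the app registration that differ from the expected ones. The function names, the https-only rule, the exact-match comparison and the sample tenant ID are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

CALLBACK_PATH = "/login/oauth2/code/azure"  # postfix given in this guide
LOGOUT_PATH = "/logout"                     # gateway default per this guide
GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

def issuer_uri(tenant_id):
    """Build the issuer URI from the Directory (tenant) id."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("Directory (tenant) id is not a GUID")
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"

def gateway_base(url):
    """Normalise a gateway address; https-only is an assumption of this example."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an absolute https URL: {url}")
    if parts.query or parts.fragment or parts.username:
        raise ValueError(f"query, fragment or userinfo not allowed: {url}")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}"

def registration_values(tenant_id, gateway_urls):
    """Values to enter in the portal; the first gateway URL is used for logout."""
    bases = [gateway_base(u) for u in gateway_urls]
    return {
        "issuer_uri": issuer_uri(tenant_id),
        "redirect_uris": [b + CALLBACK_PATH for b in bases],
        "front_channel_logout_url": bases[0] + LOGOUT_PATH,
    }

def check_redirect_uris(registered, expected):
    """Compare the URIs entered in the portal with the expected ones (exact match)."""
    problems = []
    for uri in expected:
        if uri not in registered:
            near = [r for r in registered if r.rstrip("/").lower() == uri.lower()]
            hint = f" (near miss: {near[0]})" if near else ""
            problems.append(f"missing redirect URI {uri}{hint}")
    problems += [f"unexpected redirect URI {r}" for r in registered if r not in expected]
    return problems

if __name__ == "__main__":
    # Constructed sample values, not a real tenant or deployment.
    want = registration_values("11111111-2222-3333-4444-555555555555",
                               ["https://yuuvis.mycompany.com/"])
    print(want)
    print(check_redirect_uris(["https://yuuvis.mycompany.com/login/oauth2/code/azure/"],
                              want["redirect_uris"]))
```

Pass `check_redirect_uris` the list of Redirect URIs copied from the “Authentication” page of the app registration; an empty result means every gateway address is registered and nothing extra is.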
