-
Title
OAuth Authorization support in erwin Web Portal 2018R1 and onwards -
Description
OAuth Authorization support in erwin Web Portal 2018R1 and onwards -
Resolution
OAuth Authentication
The OAuth specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth is used in a wide variety of applications, including providing mechanisms for user authentication.
MIMM supports the OAuth 2.0 protocol for external authentication.
Administrators can always login even in External Authentication Mode using the dedicated administrator rescue login URL: http://hostname:<port>/MM/Auth?nativeLogin, where <port> is the http port that erwin Metadata Management (EMM) responds to.
Please refer to the readme for more details.
Steps
1. Sign in to erwin Metadata Management (EMM) as a user with at least the User Admin security role.
2. Go to either:
- Metadata explorer UI: the MANAGE > Users in the banner.
- Metadata manager UI: Go to Tools > Administration > Users.
3. Select OAuth External Authentication from the pull-down.
4. Click Configure the OAuth Server.
Configure the OAuth Server
In order to enable an external authentication server using the OAuth 2.0 protocol, the Administrator needs to configure the OAUTH server. The following example shows the Configure OAUTH Server editor parameters using the Google server.
The user needs to obtain OAuth 2.0 client credentials, such as Client Id, Client Secret from the external authentication server, such as Google and Facebook.
Besides the Client Id and Client Secret, the OAUTH Server configuration also requires the external authentication server Authentication URI, token URI and a few other parameters:
o Authentication URI: a URI on the external authentication server that handles the user authentication. The result is an authorization code, which the application can exchange for an access token and a refresh token.
o Token URI: a URI on the external authentication server that exchanges the authentication code for an access token.
o Validation URI: a URI on the external authentication server that validates the access token and provides access to the user’s account
o Scope: One or more scope values indicating which parts of the user’s account an access token permits.
o Request Headers: extra parameters to be added in the HTTP requests to the external authentication server
For detail info can be found under online help:
http://metaintegration.com/erwin/Help/UserGuide/index.html
by searching keyword oauth