Authentication
  • 02 Nov 2023


Authentication settings determine the authentication mechanisms available for users to log in and access the EdgeReady platform.

The following types of Authentication mechanisms are available in the platform:

  • FM Authentication
  • SSO NW Authentication
  • LDAP Authentication
  • Custom Authentication
  • OAuth Authentication
Note
All Authentication mechanisms can be configured only by the EdgeReady Platform Administrator or a user with Tenant Admin rights.

FM Authentication

In the EdgeReady Cloud, FM Authentication is configured by default. Here, a user is created in the User management module and added to the EdgeReady database. When a user logs in, the credentials are checked against the database and the user is allowed entry. It is the default authentication present when a tenant is created in the platform.

FM Authentication can be configured by opening the Administration > Authentication screen from the dashboard. Select FM Authentication from the drop-down list and click Save.

SSO NW Authentication

This authentication enables access to the SAP NetWeaver server only. The administrator provides the NetWeaver Plugin URL and clicks Save.

The credentials entered in the login page of the EdgeReady platform are authenticated against the NetWeaver server and a token is issued. The token can then be presented to other SAP systems as an authentication token. Instead of having to provide a user ID and password for authentication, the user is allowed access to the SAP systems after the system has verified the logon token.

LDAP Authentication

LDAP (Lightweight Directory Access Protocol) authentication is the process of verifying a username and password stored in a directory service, such as OpenLDAP, Microsoft Active Directory or Apache Active Directory.

The administrator can configure LDAP authentication with the following steps:

  1. Select the Authentication tab under Administration.
  2. Choose LDAP Authentication in the Authentication Type dropdown list.
  3. Enter the following parameters:
    • URL - Active Directory URL
    • Server Name - Host name or IP address of the machine hosting the LDAP directory service.
    • Base DN - The Base Distinguished Name for your LDAP directory, e.g. DC=example-domain, DC=com
    • Authentication Filter - Specifies the search criteria for user logins.
    • Principle - The user name of the administrator account for your LDAP system.
    • Credentials - The password for the administrative user. 
  4. Click Test Connection to verify that the connection to the LDAP server is valid.
  5. Click Update to save the configuration.
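
The Authentication Filter above decides which directory entry a login name resolves to, so the login name has to be escaped before it is placed into the filter, and an empty password must never reach the bind step. The sketch below is an added example, not EdgeReady code: the `{user}` placeholder, the filter template, the helper names and the sample directory are assumptions made for illustration.

```python
# Added example. The "{user}" placeholder and filter template are assumptions,
# not EdgeReady syntax; the directory contents below are constructed sample data.

# Characters that must be escaped in a filter value (RFC 4515, section 3).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

TEMPLATE = "(&(objectClass=person)(sAMAccountName={user}))"
SAMPLE_DIRECTORY = {
    "(&(objectClass=person)(sAMAccountName=alice))":
        ["CN=Alice,OU=Users,DC=example-domain,DC=com"],
}


def escape_filter_value(value):
    """Escape a login name so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(template, username):
    """Fill the hypothetical {user} placeholder with the escaped login name."""
    if not username or len(username) > 256:
        raise ValueError("username is empty or too long")
    return template.replace("{user}", escape_filter_value(username))


def sample_search(ldap_filter):
    """Stand-in for a directory search under the Base DN (exact match only)."""
    return SAMPLE_DIRECTORY.get(ldap_filter, [])


def resolve_bind_dn(template, username, password, search=sample_search):
    """Search-then-bind, step one: find the single DN to bind as."""
    if password == "":
        # A simple bind with a DN and no password is an unauthenticated bind
        # (RFC 4513, section 5.1.2) and must never count as a successful login.
        raise ValueError("empty password rejected")
    entries = search(build_login_filter(template, username))
    if len(entries) != 1:
        raise LookupError(f"expected exactly 1 entry, found {len(entries)}")
    return entries[0]


if __name__ == "__main__":
    print(build_login_filter(TEMPLATE, "*)(uid=*"))
    print(resolve_bind_dn(TEMPLATE, "alice", "constructed-password"))
```

A filter that can match more than one entry, or a login name inserted without escaping, lets one user's password be checked against a different account, which is why the lookup refuses anything other than exactly one result.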

Custom Authentication

In Custom Authentication, the administrator can create a BOS with the desired logic for the use case in the Integration Builder of the EdgeReady platform and use it to authenticate specific users against various SAP systems, databases (EdgeReady DB, Oracle, etc.), any third-party systems and APIs.

The administrator creates a BOS with the following Input and Output parameters:

Input: 

  • userName*
  • password*
  • containerAppId*

Output: 

  • status - indicates login success or failure
  • message* - login message displayed to user
  • loginName* - username in EdgeReady platform
  • authKey - login session ID used by the BOS

* - mandatory parameters

To set up Custom Authentication, do the following steps:

1. Select a BOS from the dropdown list.

The selected BOS must have the logic with the mandatory Input and Output parameters. Otherwise the parameters are disabled for selection.

2. After selecting the parameters, click Update.

Now when the user logs in with the username and password, the BOS is called and access is granted or denied to the EdgeReady platform.

OAuth Authentication

OAuth is an open-authorization mechanism that enables access to the EdgeReady platform through a client (third-party) URL. Access tokens are issued to the Provider URL by an authorization server with the approval of the EdgeReady Platform. The Provider URL uses the access token to access the applications hosted by the platform.

Benefits of OAuth Authentication

  • Centralized authentication mechanism for enterprises to handle several apps
  • Unified login for the end user to sign in to different kinds of applications

Pre-requisites

  • The admin of the client organization must already have an account created in the desired OAuth server.
  • The list of users of the client organization must be added to the OAuth server account with a list of login parameters.
  • An SSO Application is registered in the OAuth Server. This app registration supplies the following information:
    • Provider URL
    • Client ID
    • Client Secret

These three parameters are required to configure OAuth in the EdgeReady Platform.

Guideline

The admin must create users (User Management) in the EdgeReady platform with login parameters that match the login parameters of the OAuth server account users.

Configuring the OAuth Authentication

To configure OAuth authentication, the EdgeReady platform administrator can do the following:

1. Select the Authentication tab under Administration.

2. Select OAuth Authentication in the Authentication Type dropdown list.

3. Enter the Provider URL (OAuth Service Provider URL), Client ID, and Client Secret. This information is provided by the client organization.

4. Click Load Configurations to display the other authentication-related fields. (A Connection Success message is displayed if the above information is loaded.)

5. Select values in the following fields from the dropdown lists.

  • Claims - list of tokens available to match with EdgeReady Cloud login ID
  • Response Type - contains the authorization code needed to obtain an access token
  • Scope - indicates a set of access permissions
  • Auth Method - indicates the client authentication method. By default, client_secret_basic is selected.

6. Click Update to save the details or click Cancel to reset the added information.

After the OAuth mechanism is set, the URL to log in to the EdgeReady Platform changes. A sample URL is shown below:

https://sandbox.edgereadycloud.net/Login/v1.0/auth/dev/ABC10001/ where ABC10001 is the tenant ID. When this URL is entered, it automatically redirects to the OAuth server login screen. When the user enters the login credentials and signs in, they are taken back to the home screen of the EdgeReady platform.
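
To make the Response Type, Scope, Auth Method and Claims settings concrete, the following added example (not EdgeReady code) shows what each one controls in a standard authorization-code exchange with `client_secret_basic`. It assumes the Response Type is `code`; the function names are hypothetical, and all endpoint URLs, client values and claims are constructed placeholders supplied by the caller.

```python
# Added example. Endpoint URLs, client values and claims are constructed
# placeholders; nothing here is EdgeReady's own code.
import base64
import secrets
from urllib.parse import quote_plus, urlencode


def new_state():
    """Unguessable per-login value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)


def authorization_url(authorize_endpoint, client_id, redirect_uri, scope, state):
    """Authorization-code request (Response Type "code") with the chosen Scope."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{authorize_endpoint}?{query}"


def state_matches(expected, returned):
    """Constant-time check of the state echoed back on the callback."""
    return secrets.compare_digest(expected.encode(), (returned or "").encode())


def client_secret_basic_header(client_id, client_secret):
    """client_secret_basic: form-urlencode both values, then HTTP Basic
    (RFC 6749, section 2.3.1). The secret goes in a header, never in the URL."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def login_id_from_claims(claims, claim_name):
    """Map the configured claim to a platform login ID; reject missing values."""
    value = claims.get(claim_name)
    if not isinstance(value, str) or not value.strip():
        raise KeyError(f"claim {claim_name!r} is missing or empty")
    return value.strip()
```

The claim chosen under Claims should be one the OAuth server guarantees to be unique and not editable by the end user, since its value selects the EdgeReady account that is logged in.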
