...

When using the default BaaS Flow Starter, the authenticated user is available in the system.user entity instance. The access token received in the Authorization header will be forwarded to external REST services called via an AQ_RestServiceClient configured with an HTTP connection that uses openid-connect authentication. See 5. AQ_RestServiceClient for more information.


Configuration

BAARS itself does not require any specific configuration. However, the following general OpenID Connect configuration options apply:

...

# the Runtime must be configured to use OpenID Connect login type
blueriq.security.login-type=openid-connect


# OpenID Connect properties must be configured
blueriq.security.openid-connect.token-issuer=http://example.com/auth/realms/master
blueriq.security.openid-connect.keys-endpoint=http://example.com/auth/realms/master/protocol/openid-connect/certs
blueriq.security.openid-connect.use-discovery=true
blueriq.security.openid-connect.client-id=example-client
blueriq.security.openid-connect.roles-path=realm_access,roles
blueriq.security.openid-connect.teams-path=teams
# ... and other OpenID Connect properties required for user interactions projects


# an OpenID Connect authentication provider must be defined
blueriq.security.auth-providers.oidc.type=openid-connect


# the OpenID Connect authentication provider must be added to the authentication provider chain
blueriq.security.auth-providers-chain=provider1,oidc,provider2
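
The following Python is an added example, not part of the Blueriq documentation or product code. It shows which claims the roles-path and teams-path values above would select from a Keycloak-style access token, assuming each comma-separated path element names one level of nested claims. The sample token and all function names are constructed for illustration, and the code only inspects claims without verifying the signature.

```python
import base64
import json

# Values copied from the properties above.
CONFIG = {
    "token-issuer": "http://example.com/auth/realms/master",
    "roles-path": "realm_access,roles",
    "teams-path": "teams",
}

def decode_payload(jwt):
    """Return the claims of a JWT WITHOUT verifying its signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def resolve_path(claims, path):
    """Walk a comma-separated claim path; return a list of strings ([] if absent)."""
    node = claims
    for key in path.split(","):
        if not isinstance(node, dict) or key not in node:
            return []  # missing claim: the user would end up with no roles/teams
        node = node[key]
    if isinstance(node, str):
        return [node]
    return [str(v) for v in node] if isinstance(node, list) else []

def inspect_token(jwt, config=CONFIG):
    """Summarise what the configured issuer and paths yield for this token."""
    claims = decode_payload(jwt)
    return {
        "issuer_matches": claims.get("iss") == config["token-issuer"],
        "roles": resolve_path(claims, config["roles-path"]),
        "teams": resolve_path(claims, config["teams-path"]),
    }

def make_sample_token(claims):
    """Build a constructed sample token with a placeholder signature, for offline use."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "placeholder-signature"])

# Constructed sample claims shaped like a Keycloak access token.
SAMPLE = make_sample_token({
    "iss": "http://example.com/auth/realms/master",
    "realm_access": {"roles": ["employee", "manager"]},
    "teams": ["team-a"],
})
```

An empty roles or teams list for a real token usually means the configured path does not match where the identity provider places that claim.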


Secured BAARS Endpoints and Basic Authentication

BAARS endpoints accept and use authentication information even if the endpoints are not secured. Securing an endpoint simply means that authentication is required. Leaving an endpoint unsecured means that authentication is optional. For example, if an unsecured endpoint is called without providing authentication, the system.user entity instance will be the anonymous user. However, if authentication information is provided, then the system.user entity instance will contain the information of the authenticated user.

...