Portal
Authorization can also be performed in the portal via an external OAuth2 provider such as Azure AD or Auth0.
To do this, the provider must be configured on the server: in the Admin Portal, use "Users -> OAuth".
Unlike the authorization of the web service (the "Client Credentials Flow"), for the portal the application itself obtains authorization from the OAuth2 provider. For this purpose, the portal uses the OAuth2 flow "Authorization Code Flow with Proof Key for Code Exchange (PKCE)".
If an OAuth2 provider is configured for the portal, then it appears as an additional login in the portal login dialog.
Below is an example of the configuration in "conf/server.xml" for Azure AD and Auth0 providers:
Azure AD
<oauth>
  <providers>
    <provider name="azureAd"
              displayName="Microsoft"
              flow="authorizationCodeWithPkce"
              id="azure_authorize"
              tenantId="{YOUR_TENANT_ID}"
              clientId="{YOUR_CLIENT_ID_OF_REGISTERED_APPLICATION}"
              applicationId="{YOUR_ID_OF_REGISTERED_APPLICATION}"
              scope="offline_access openid api://{YOUR_ID_OF_REGISTERED_APPLICATION}/.default"
              discoveryUrl="https://login.microsoftonline.com/{YOUR_TENANT_ID}/v2.0/.well-known/openid-configuration"
              claimSessionId="sub"
              claimClientId="azp"
              claimRoles="scp"
              roleNameAdmin="Edit"
              roleNameUser="Read">
      <!-- https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request -->
      <logout url="https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri={redirectUrl}"/>
    </provider>
  </providers>
</oauth>
Auth0
<oauth>
  <providers>
    <provider name="auth0"
              displayName="Auth0"
              flow="authorizationCodeWithPkce"
              id="auth0_authorize"
              tenantId=""
              clientId="{YOUR_CLIENT_ID_OF_REGISTERED_APPLICATION}"
              applicationId="{YOUR_ID_OF_REGISTERED_APPLICATION}"
              scope="offline_access openid"
              discoveryUrl="https://{YOUR_TENANT_ID}.auth0.com/.well-known/openid-configuration"
              claimSessionId="sub"
              claimClientId="azp"
              claimRoles="permissions"
              roleNameAdmin="admin"
              roleNameUser="user">
      <!-- https://auth0.com/docs/authenticate/login/logout/redirect-users-after-logout -->
      <!-- Use your own tenant domain (the same one as in discoveryUrl). Inside an XML attribute the
           "&" between query parameters must be written as "&amp;" or server.xml is not well-formed. -->
      <logout url="https://{YOUR_TENANT_ID}.auth0.com/v2/logout?returnTo={redirectUrl}&amp;client_id={clientId}"/>
    </provider>
  </providers>
</oauth>
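The claim attributes in both provider elements (claimSessionId, claimClientId, claimRoles, roleNameAdmin, roleNameUser) describe how a decoded token is mapped to a portal role. The following is an added example, not the product's own code, showing one way such a mapping can be evaluated; the rules it applies are assumptions: the session id claim must be present, the claimClientId value must equal the configured clientId, and claimRoles may be a space-separated string (Azure AD "scp") or a list (Auth0 "permissions"). The client ids and claims are constructed sample values.

```python
# Added example (not the product's code): resolve a portal role from decoded
# token claims using the claim mapping attributes of a <provider> element.
import xml.etree.ElementTree as ET

# Constructed sample fragments with the same attributes as the examples above.
AZURE_CONF = """<oauth><providers>
<provider name="azureAd" flow="authorizationCodeWithPkce" id="azure_authorize"
  clientId="11111111-2222-3333-4444-555555555555"
  claimSessionId="sub" claimClientId="azp" claimRoles="scp"
  roleNameAdmin="Edit" roleNameUser="Read"/>
</providers></oauth>"""

AUTH0_CONF = """<oauth><providers>
<provider name="auth0" flow="authorizationCodeWithPkce" id="auth0_authorize"
  clientId="abc123" claimSessionId="sub" claimClientId="azp"
  claimRoles="permissions" roleNameAdmin="admin" roleNameUser="user"/>
</providers></oauth>"""


def load_provider(xml_text, name):
    """Return the attribute dict of <provider name=...> from a server.xml fragment."""
    root = ET.fromstring(xml_text)
    for p in root.iter("provider"):
        if p.get("name") == name:
            return dict(p.attrib)
    raise KeyError(name)


def resolve_role(conf, claims):
    """Map decoded token claims to 'admin', 'user' or None (rejected).

    Assumed rules: a subject claim is required, the authorized party (azp)
    must be this client, and roles come from a space-separated string or a list.
    """
    if not claims.get(conf["claimSessionId"]):
        return None  # no stable subject to bind a portal session to
    if claims.get(conf["claimClientId"]) != conf["clientId"]:
        return None  # token was issued to a different client application
    raw = claims.get(conf["claimRoles"], [])
    roles = raw.split() if isinstance(raw, str) else list(raw)
    if conf["roleNameAdmin"] in roles:
        return "admin"
    if conf["roleNameUser"] in roles:
        return "user"
    return None  # authenticated, but holds no portal role
```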