Getting started with Auth0 in Exact Globe+
Introduction
Note:
- This document is only relevant to the controlled release participants.
- This is not available for Exact Cloud customers.
If Exact Globe+ is configured for a federated identity environment, the federated identity services must also be configured to support federated identity authentication, and to perform that authentication using the configured federated identity provider details.
This document gives an overview of how to configure Auth0 in Exact Globe+. It also explains where to retrieve the details from an Auth0 account and how to use those details to configure Auth0 in Exact Globe+.
Signing up for Auth0
To sign up for Auth0, do the following:
- Go to https://manage.auth0.com/login.
The following page will be displayed:
- Click SIGN UP.
- Type your email address and password.
- Click >. The following page will be displayed:
- Type your account name at Account Name.
- Select the region at Region.
- Select the agreement acceptance check box.
- Click CREATE ACCOUNT. The following page will be displayed:
- Disable all the authentication options except for Database. If the other authentication options are not disabled, all the social media options will be displayed.
- Click SAVE. You should now have an Auth0 account.
Your account name is always displayed on the top right of the page. When
you click on your account name, a drop-down menu will be displayed with the Logout option.
To log in again, go to http://manage.auth0.com/ and type your account details.
Setting up Auth0 database connection and users for Exact Globe+
The Auth0 users are user accounts that can be used to log in to Exact Synergy Enterprise, Exact Globe+, Exact Lightweight Integration Server (ELIS), and others if these products have been configured to use the federated identity authentication using Auth0.
Before you can use these accounts, the following must be created:
- Auth0 database connection
- Users for the Auth0 database connection
Creating Auth0 database connection
- Log in to your Auth0 account.
- On the left menu, select Connections, and then select Database.
- On the database page, click CREATE DB CONNECTION. The New Database Connection page will be displayed.
- On the New Database Connection page, type a name at Name.
- Click Create.
- Once the database is created, go to the Clients tab, and ensure your Auth0 database connection is set to Default App.
- The Auth0 database is now created. The name of the database connection is your Auth0 connection value.
Creating users for the Auth0 database connection
- On the left menu, click Users.
- On the Users page, click CREATE YOUR FIRST USER.
- On the Create user page, define the following:
- Type an email address at Email.
- Type a password at Password.
- Type the same password again at Repeat Password.
- Select the database connection that you have created above at Connection.
- Click SAVE.
- Your user is now created.
Note:
- Auth0 will send a verification email to the user. If you want to
skip this step, click Actions > Edit Email. On the Edit E-mail page, click
Set email as verified.
- To create more users, repeat the steps above.
Verifying if the users can be used
- Go to Connections, and then select Database.
- For the database connection that you have created, click Try on the right of the database connection name.
- In the login screen, type the email address and password of the user that you have created, and click >.
- If the user has been successfully created, the following page will be displayed:
- These are the Auth0 users that you can use for your federated identity authentication.
Configuring Auth0 application
Auth0 applications are configurations that represent, and are used by, Exact Synergy Enterprise, Exact Globe+, ELIS, and others for federated identity authentication via Auth0. Before you can set up Exact Synergy Enterprise, Exact Globe+, ELIS, or other applications, you have to configure the Auth0 application first.
Note: This document describes reusing the Default App that has been previously created, but you can also create another application.
To configure the Auth0 application, do the following:
- Log in to your Auth0 account.
- On the left menu, select Clients.
- On the Clients page, click the name or settings icon of the Default App to view the details.
- On the Default App page, click the Settings tab.
- The Domain is your Authority and part of your JWT Issuer Name value. For more information, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.
- The Client ID is your Client ID value and Allowed Audience value. For more information, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.
- Select Native at Client Type, and type the URL at Allowed Callback URLs.
- Ensure Use Auth0 instead of the IdP to do Single Sign On is enabled.
- Click the Show Advanced Settings hyperlink to view the Advanced Settings section.
- Under the Advanced Settings section, click the OAuth tab.
- Select RS256 at JsonWebToken Signature Algorithm.
- Click SAVE CHANGES.
- Click the Addons tab.
- Enable WS-FED.
- On the Addon: WS-Fed (WIF) Web App page, type the realm value at Realm. This is the App ID in URI format and should be the same value as your callback URL. This value is your App URI value. This value is case-sensitive; you should use the exact value, including any symbols. You are advised to always use lowercase to avoid a mismatch of the values.
- Click SAVE.
- Close the Addon: WS-Fed (WIF) Web App page.
- Click the Connections tab. Ensure the database connection that you have created is also enabled for this Auth0 application.
Viewing Auth0 logs
The authentication activities from Auth0 can be viewed by clicking Logs on the left menu.
Configuring Exact Globe+
Overview of Exact Globe Next with federated identity configuration
To use federated identity with Exact Globe+, the following
configuration details must be made available in Exact Globe+:
- SAML Issuer Name
- JWT Issuer Name
- Client ID
- Allowed Audience
- Metadata
- Thumbprint
- Authority
- Auth0 connection
The configuration details stated must be entered in the Federated
Identity Configurator, to generate the federated identity configuration files
for Exact Globe+.
Retrieving Auth0 configuration details
To retrieve your Auth0 configuration details, log in to your Auth0
account and view the Auth0 application or client that you have configured for
Exact Globe+.
For more information on how to retrieve these details, see How-to: Retrieving information for Windows
Azure Active Directory and Auth0.
Note: All values are case-sensitive; you should use the exact value, including any symbols. You are advised to always use lowercase to avoid a mismatch of the values.
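The relationships between these values (Client ID and Allowed Audience, Realm and callback URL, Domain inside the JWT Issuer Name, RS256 as the signature algorithm) can be cross-checked before they are typed into the configurator. The following Python sketch is an added example, not code from Exact or Auth0. The dictionary keys, the sample tenant values and the sample token are constructed placeholders, and it assumes a token's `iss` and `aud` claims should match the configured JWT Issuer Name and Allowed Audience exactly.

```python
import base64
import json

def b64url_json(segment):
    # Restore base64url padding, then parse the JSON object in the segment.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def compare(label, actual, expected):
    # Exact, case-sensitive comparison that calls out case-only mismatches.
    if actual == expected:
        return []
    if isinstance(actual, str) and actual.lower() == expected.lower():
        return [f"{label}: differs only in letter case"]
    return [f"{label}: {actual!r} does not match {expected!r}"]

def check_config(cfg):
    # Relationships the page states between the configuration values.
    problems = compare("Allowed Audience vs Client ID", cfg["allowed_audience"], cfg["client_id"])
    problems += compare("Realm vs Allowed Callback URL", cfg["realm"], cfg["callback_url"])
    if cfg["authority"] not in cfg["jwt_issuer"]:
        problems.append("JWT Issuer Name does not contain the Authority (Domain)")
    return problems

def check_token(token, cfg):
    # Diagnostic only (assumes iss/aud must equal the configured values); signature NOT verified.
    header_seg, payload_seg, _signature = token.split(".")
    header, claims = b64url_json(header_seg), b64url_json(payload_seg)
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"alg is {header.get('alg')!r}, expected 'RS256'")
    problems += compare("iss vs JWT Issuer Name", claims.get("iss"), cfg["jwt_issuer"])
    aud = claims.get("aud")
    if cfg["allowed_audience"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not include the Allowed Audience")
    return problems

def make_sample_token(header, claims):
    # Constructed, unsigned token for the demo; the third segment is a dummy.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.ZHVtbXk"

# Constructed sample values (placeholders, not from a real tenant).
SAMPLE_CFG = {
    "authority": "example.eu.auth0.com", "jwt_issuer": "https://example.eu.auth0.com/",
    "client_id": "ExampleClientId123", "allowed_audience": "ExampleClientId123",
    "realm": "urn:exactglobe", "callback_url": "urn:ExactGlobe",
}
SAMPLE_TOKEN = make_sample_token({"alg": "HS256"},
    {"iss": "https://Example.eu.auth0.com/", "aud": "ExampleClientId123"})
```

Calling `check_config(SAMPLE_CFG)` reports the Realm and callback URL case mismatch, and `check_token(SAMPLE_TOKEN, SAMPLE_CFG)` reports the wrong algorithm and the issuer that differs only in letter case.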
Configuring the Auth0 details into Exact Globe+
To configure Exact Globe+ to use Auth0 as the authentication
provider, the web application must have the following files configured for the
token-based authentication:
- Bin\EntityServiceIdentity.config
- Bin\GlobeIdentity.Config
- XMD\Exact.WindowsService.config
These files should be configured and generated by the Federated
Identity Configurator.
- Start the Federated Identity Configurator, by starting
FIDConfigurator.exe in the Cab folder of the Exact Globe+ installation folder. The tool requires read and write access to the installed
folders of Exact software. Therefore, it is recommended the tool be used with
Administrator privileges.
- Select Exact Globe+ from the Products menu on the left.
- Type or select the installation directory of Exact Globe+ at Installation Folder. When a path is specified, the tool will validate the path. If the path is validated successfully, the configuration section and buttons will be enabled.
- Select Auth0 at the Identity Provider field.
- Define the following fields:
- SAML Issuer Name
- JWT Issuer Name
- Client ID
- Allowed Audience (this field will automatically be filled, based on the value defined at Client ID)
- Metadata
- Thumbprint
- Authority
- Auth0 connection
- Click Validate. The validation screen will be displayed.
- The values from the product screen will be checked for common
mistakes, such as formatting, typos, and other mistakes. The tool will warn you when a
value is suspected to be wrong so that you can verify and correct it if needed.
- Type a username and password (from your federated identity
account) to test if the configuration values are correct for authentication
use.
- Click Validate.
- If the validation is successful, click Generate. The federated identity configuration files will be generated in the installation folder for the product. They will also be retained for future product updates.
Note:
- The configuration files can be generated only after a successful validation.
- All values are case-sensitive; you should use the exact value, including any symbols. You are advised to always use lowercase to avoid a mismatch of the values.
- For more information on how to retrieve these details, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.
- The tool requires read and write access to the installed folders of Exact software. Therefore, it is recommended the tool be used with Administrator privileges.
- For more information about the Federated Identity Configurator, see Federated Identity Configurator.
Additional information
Restarting the Exact Entity service
After generating the federated identity configuration files, the
Exact Entity Service should be restarted.
- Open services.msc.
- Restart Exact Entity Service.
Exact Globe+ login
When the Exact Globe+ services are configured to use the
federated identity authentication, the Exact Globe+ application should be
configured the same way.
The login screen will be displayed for Auth0 when starting Exact Globe+. In the login screen, the user name and password will be verified by Microsoft Azure or Auth0 against the information configured at GlobeIdentity.config. The GlobeIdentity.config file has to be created and placed into the Exact Globe+ installation folder under the bin subfolder. For example, C:\Program files\Exact Globe+\bin.
The password will be encrypted and stored at C:\Users\USERNAME\AppData\Local\IsolatedStorage. The final subfolder will be stored in the AssemFiles folder.
The exception handling log file will be created in a text file format (ExactSSOExceptions.txt) at C:\Users\USERNAME\AppData\Roaming\Exact.
Main Category: Attachments & notes
Document Type: Online help main
Security level: All - 0
Document ID: 27.721.357
Assortment: Exact Globe+
Date: 22-11-2022