Exact Globe+   
 

Getting started with Auth0 in Exact Globe+

Introduction

Note:

  • This document is only relevant to the controlled release participants.
  • This is not available for Exact Cloud customers.

If Exact Globe+ is configured for a federated identity environment, the federated identity services must also be configured to support federated identity authentication, and to perform that authentication using the configured federated identity provider details.

This document gives an overview of how to configure Auth0 in Exact Globe+. It also explains where to retrieve the details from an Auth0 account and how to use those details to configure Auth0 in Exact Globe+.

Signing up for Auth0

To sign up for Auth0, do the following:

  1.  Go to https://manage.auth0.com/login. The following page will be displayed:
  2.  Click SIGN UP.
  3. Type your email address and password.
  4.  Click >. The following page will be displayed:
  5.  Type your account name at Account Name.
  6. Select the region at Region.
  7.  Select the agreement acceptance check box.
  8.  Click CREATE ACCOUNT. The following page will be displayed:
  9.  Disable all authentication types except Database. If the other authentication types are not disabled, all the social media options will be displayed.
  10.  Click SAVE. You should now have an Auth0 account.

Your account name is always displayed on the top right of the page. When you click on your account name, a drop-down menu will be displayed with the Logout option.

To log in again, go to http://manage.auth0.com/ and type your account details.

Setting up Auth0 database connection and users for Exact Globe+

The Auth0 users are user accounts that can be used to log in to Exact Synergy Enterprise, Exact Globe+, Exact Lightweight Integration Server (ELIS), and others if these products have been configured to use the federated identity authentication using Auth0.

Before you can use these accounts, the following must be created:

  •  Auth0 database connection
  •  Users for the Auth0 database connection

Creating Auth0 database connection

  1.  Log in to your Auth0 account.
  2.  On the left menu, select Connections, and then select Database.
  3.  On the database page, click CREATE DB CONNECTION. The New Database Connection page will be displayed.
  4.  On the New Database Connection page, type a name at Name.
  5.  Click Create.
  6.  Once the database is created, go to the Clients tab, and ensure your Auth0 database connection is set to Default App.
  7.  The Auth0 database is now created. The name of the database connection is your Auth0 connection value.

Creating users for the Auth0 database connection

  1.  On the left menu, click Users.
  2.  On the Users page, click CREATE YOUR FIRST USER.
  3.  On the Create user page, define the following:
    • Type an email address at Email.
    • Type a password at Password.
    •  Type the same password again at Repeat Password.
  4.  Select the database connection that you have created above at Connection.
  5.  Click SAVE.
  6.  Your user is now created.

Note:

  •  Auth0 will send a verification email to the user. If you want to skip this step, click Actions > Edit Email. On the Edit E-mail page, click Set email as verified.
  •  To create more users, repeat the steps above.

Verifying if the users can be used

  1. Go to Connections, and then select Database.
  2.  For the database connection that you have created, click Try on the right of the database connection name.
  3.  In the login screen, type the email address and password of the user that you have created, and click >.
  4.  If the user has been successfully created, the following page will be displayed:
  5.  These are the Auth0 users that you can use for your federated identity authentication.

Configuring Auth0 application

Auth0 applications are configurations that represent, and are used by, Exact Synergy Enterprise, Exact Globe+, ELIS, and others for the federated identity authentication via Auth0. Before you can set up Exact Synergy Enterprise, Exact Globe+, ELIS, or other applications, you have to configure the Auth0 application first.

Note: This document describes reusing the Default App that has been previously created, but you can also create another application.

To configure the Auth0 application, do the following:

  1.  Log in to your Auth0 account.
  2.  On the left menu, select Clients.
  3.  On the Clients page, click the name or settings icon of the Default App to view the details.
  4.  On the Default App page, click the Settings tab.
  5.  The Domain is your Authority and part of your JWT Issuer Name value. For more information, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.
  6.  The Client ID is your Client ID value and Allowed Audience value. For more information, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.
  7.  Select Native at Client Type, and type the URL at Allowed Callback URLs.
  8.  Ensure Use Auth0 instead of the IdP to do Single Sign On is enabled.
  9.  Click the Show Advanced Settings hyperlink to view the Advanced Settings section.
  10.  Under the Advanced Settings section, click the OAuth tab.
  11.  Select RS256 at JsonWebToken Signature Algorithm.
  12.  Click SAVE CHANGES.
  13.  Click the Addons tab.
  14.  Enable WS-FED.
  15.  On the Addon: WS-Fed (WIF) Web App page, type the realm value at Realm. This is the App ID in URI format, and it should be the same value as your callback URL. This value is your App URI value. It is case-sensitive; you should use the exact value, including any symbols. You are advised to always use lowercase to avoid a mismatch of the values.
  16.  Click SAVE.
  17.  Close the Addons: WS-Fed (WIF) Web App page.
  18.  Click the Connections tab. Ensure the database connection that you have created is also enabled for this Auth0 application.
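
The relationships set up in the steps above (the Domain inside the JWT Issuer Name, the Client ID as Allowed Audience, the Realm equal to the callback URL, RS256 as the signing algorithm) can be checked with exact, case-sensitive comparisons when a login fails on a value mismatch. The following Python code is an added example, not part of the Exact or Auth0 software; the dictionary keys, tenant, client ID and URLs are constructed placeholders, and the issuer form https://<domain>/ is an assumption. It only inspects a token and does not verify its signature.

```python
import base64
import json

def decode_segment(segment: str) -> dict:
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_config(cfg: dict) -> list:
    """Cross-check the configured values against each other, case-sensitively."""
    checks = [
        (cfg["allowed_audience"] == cfg["client_id"], "Allowed Audience differs from Client ID"),
        (cfg["realm"] == cfg["callback_url"], "Realm differs from the callback URL"),
        (cfg["authority"] in cfg["jwt_issuer"], "JWT Issuer Name does not contain the Domain"),
    ]
    return [message for ok, message in checks if not ok]

def check_token(token: str, cfg: dict) -> list:
    """Compare a token's header and claims with cfg. The signature is NOT verified."""
    header, claims = (decode_segment(s) for s in token.split(".")[:2])
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"alg is {header.get('alg')!r}, not RS256")
    if claims.get("iss") != cfg["jwt_issuer"]:
        problems.append(f"iss {claims.get('iss')!r} does not match JWT Issuer Name")
    aud = claims.get("aud")
    if cfg["allowed_audience"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not contain Allowed Audience")
    return problems

def sample_token(alg: str, iss: str, aud: str) -> str:
    """Build a constructed sample token with a dummy signature segment."""
    parts = ({"alg": alg, "typ": "JWT"}, {"iss": iss, "aud": aud})
    segs = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode() for p in parts]
    return ".".join(segs + ["c2ln"])

# Constructed placeholder values; the https://<domain>/ issuer form is an assumption.
CFG = {
    "authority": "example-tenant.eu.auth0.com",
    "jwt_issuer": "https://example-tenant.eu.auth0.com/",
    "client_id": "sampleclientid0123",
    "allowed_audience": "sampleclientid0123",
    "callback_url": "https://globe.example.test/",
    "realm": "https://globe.example.test/",
}
GOOD = sample_token("RS256", CFG["jwt_issuer"], CFG["client_id"])
BAD = sample_token("HS256", "https://Example-Tenant.eu.auth0.com/", "other-client")

if __name__ == "__main__":
    print(check_config(CFG), check_token(GOOD, CFG), check_token(BAD, CFG))
```

The BAD token differs from the configuration in algorithm, in the letter case of the issuer, and in audience, so all three checks report a problem.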

Viewing Auth0 logs

The authentication activities from Auth0 can be viewed by clicking Logs on the left menu.

Configuring Exact Globe+

Overview of Exact Globe Next with federated identity configuration

To use federated identity with Exact Globe+, the following configuration details must be made available in Exact Globe+:

  •  SAML Issuer Name
  •  JWT Issuer Name
  •  Client ID
  •  Allowed Audience
  •  Metadata
  •  Thumbprint
  •  Authority
  •  Auth0 connection

These configuration details must be entered in the Federated Identity Configurator to generate the federated identity configuration files for Exact Globe+.

Retrieving Auth0 configuration details

To retrieve your Auth0 configuration details, log in to your Auth0 account and view the Auth0 application or client that you have configured for Exact Globe+.

For more information on how to retrieve these details, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.

Note: All values are case-sensitive; you should use the exact value, including any symbols. You are advised to always use lowercase to avoid a mismatch of the values.

Configuring the Auth0 details into Exact Globe+

To configure Exact Globe+ to use Auth0 as the authentication provider, the web application must have the following files configured for the token-based authentication:

  • Bin\EntityServiceIdentity.config
  • Bin\GlobeIdentity.Config
  • XMD\Exact.WindowsService.config

These files should be configured and generated by the Federated Identity Configurator.

  1.  Start the Federated Identity Configurator, by starting FIDConfigurator.exe in the Cab folder of the Exact Globe+ installation folder. The tool requires read and write access to the installed folders of Exact software. Therefore, it is recommended the tool be used with Administrator privileges.
  2.  Select Exact Globe+ from the Products menu on the left.
  3.  Type or select the installation directory of Exact Globe+ at Installation Folder. When a path is specified, the tool will validate the path. If the path is validated successfully, the configuration section and buttons will be enabled.
  4.  Select Auth0 at the Identity Provider field.
  5.  Define the following fields:
    •  SAML Issuer Name
    •  JWT Issuer Name
    •  Client ID
    •  Allowed Audience (this field will automatically be filled, based on the value defined at Client ID)
    •  Metadata
    •  Thumbprint
    •  Authority
    •  Auth0 connection
  6.  Click Validate. The validation screen will be displayed.
  7.  The values from the product screen will be checked for common mistakes, such as formatting, typos, and other mistakes. The tool will warn you when a value is suspected to be wrong so that you can verify and correct it if needed.
  8.  Type a username and password (from your federated identity account) to test if the configuration values are correct for authentication use.
  9.  Click Validate.
  10.  If the validation is successful, click Generate. The federated identity configuration files will be generated in the installation folder for the product. They will also be retained for future product updates.

Note:

  •  The configuration files can be generated only after a successful validation.
  •  All values are case-sensitive; you should use the exact value, including any symbols. You are advised to always use lowercase to avoid a mismatch of the values.
  •  For more information on how to retrieve these details, see How-to: Retrieving information for Windows Azure Active Directory and Auth0.
  •  The tool requires read and write access to the installed folders of Exact software. Therefore, it is recommended the tool be used with Administrator privileges.
  •  For more information about the Federated Identity Configurator, see Federated Identity Configurator.

Additional information

Restarting the Exact Entity service

After generating the federated identity configuration files, the Exact Entity Service should be restarted.

  1. Open services.msc.
  2. Restart Exact Entity Service.

Exact Globe+ login

When the Exact Globe+ services are configured to use the federated identity authentication, the Exact Globe+ application should be configured the same way.

The login screen will be displayed for Auth0 when starting Exact Globe+. In the login screen, the user name and password will be verified by Microsoft Azure or Auth0 against the information configured at GlobeIdentity.config. The GlobeIdentity.config file has to be created and placed into the Exact Globe+ installation folder under the bin sub folder. For example, C:\Program files\Exact Globe+\bin.

The password will be encrypted and stored at C:\Users\USERNAME\AppData\Local\IsolatedStorage. The final sub folder will be stored in the AssemFiles folder.

The exception handling log file will be created in a text file format (ExactSSOExceptions.txt) at C:\Users\USERNAME\AppData\Roaming\Exact.

Main Category: Attachments & notes
Document Type: Online help main
Security level: All - 0
Document ID: 27.721.357
Date: 22-11-2022
