Config Server-Based Model Log-in with OpenID Connect Authentication
In HOD, the Configuration server-based model can log users in with OpenID Connect Authentication credentials when the option Automatically log the user on to Host on-Demand using their OpenID Connect Authentication username is enabled. With the same option enabled, a HOD Hex Client user can log in to the configuration server-based model page with OpenID Connect Authentication credentials.
Create Configuration Server-Based Model in DW for ZIE for Web Client
In the deployment wizard, select the Configuration server-based model and enable Automatically log users on to Host on-demand using their Windows username.
- Users are from Windows domain - It is optional. If needed, fill in a dummy value.
- Create User ID if does not exist?
  - Yes - Enter the group name where the user needs to be created.
  - No - Choose this option if the user already exists.
- Register the HOD Hex Client application with any service provider such as OKTA/KeyCloak, configure the Redirect URI and Scope with the service provider, and fetch the OIDC domain URL, Client id and Client secret from the provider.
- After fetching the above details, configure the client secret in the HOD HEX CLIENT build (EAR/WAR; the client secret needs to be updated in the web.xml file).
- The rest of the details, i.e. OIDC domain URL, Client id, Redirect URI and scope, need to be configured in the web.properties file.
- After configuration, launch the Config server-based model in HOD HEX CLIENT.
- While launching, an Okta/Keycloak (or other service provider) authentication prompt pops up. Here, users need to provide credentials to log in.
- Once login succeeds, the config server-based model page is launched.
- If it is the first time, the user is created under the group mentioned, named after the first half of the MS email. If the email ID is not available, the Username is used instead.
- If the name part of the mail ID contains something other than a dot (.) and a hyphen (-), the special characters are replaced with a hyphen (-).
- If the user does not configure the application with the ClientID and redirect URL, MS authentication fails. The HOD HEX CLIENT page pops up a warning message like Configuration not done properly/wrong credentials.
- Create User ID if does not exist?
  - Yes:
    - While launching HOD Hex Client, check for the user in the mentioned group. If the user already exists, the page will be launched.
    - If the user does not exist in the mentioned groups, a new user is created in the mentioned groups.
    - While creating a user, check in the HOD user/group window whether the 'Allow users to create accounts' checkbox is selected.
    - If 'Allow users to create accounts' is checked, users will be created in the mentioned groups.
    - If the 'Allow users to create accounts' checkbox is clear, the HOD Hex Client page will throw a warning message for an authentication exception.
    - If the mentioned groups do not exist in the HOD user/group, the HOD Hex Client page will throw a warning message for the group does not exist exception.
  - No:
    - Go with this option only when the user exists in any group.
    - If a user exists, the HOD Hex Client page will be launched; otherwise the page pops up a warning message for the user does not exist exception.
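The naming rule described above (first half of the email, special characters replaced with a hyphen) can map more than one identity-provider account to the same HOD user ID, so an administrator may want to check a directory export for clashes before choosing Yes for Create User ID. The following is an added example, not HOD code: the function names and sample accounts are constructed, and it assumes letters and digits are kept unchanged, the email is split at the last @, and IDs are compared case-insensitively by default.

```python
import re
from collections import defaultdict

# ASSUMPTION: letters and digits are kept unchanged. The page names only
# '.' and '-' as characters that survive; everything else becomes '-'.
_REPLACED = re.compile(r"[^A-Za-z0-9.-]")


def derive_hod_user_id(email, username):
    """Apply the page's rule: first half of the email, else the username."""
    if email and "@" in email:
        local_part = email.rpartition("@")[0]  # assumption: split at last '@'
        if local_part:
            return _REPLACED.sub("-", local_part)
    # Email not available: the page says the Username is used. The page
    # does not say it is sanitised, so it is returned unchanged here.
    return username


def find_collisions(accounts, fold_case=True):
    """Return {derived_id: [subjects]} where 2+ IdP accounts share an ID.

    fold_case=True treats IDs differing only in case as equal (assumption;
    a conservative choice for an audit).
    """
    by_id = defaultdict(list)
    for subject, email, username in accounts:
        derived = derive_hod_user_id(email, username)
        key = derived.lower() if fold_case else derived
        by_id[key].append(subject)
    return {k: v for k, v in by_id.items() if len(v) > 1}


# Constructed sample export: (IdP subject, email, username)
SAMPLE_ACCOUNTS = [
    ("idp-001", "john_doe@example.com", "jdoe"),
    ("idp-002", "john+doe@example.org", "john.d"),
    ("idp-003", "mary.o-neil@example.com", "mary"),
    ("idp-004", None, "svc-batch"),
    ("idp-005", "Mary.O-Neil@example.net", "mary2"),
]

if __name__ == "__main__":
    for derived, subjects in sorted(find_collisions(SAMPLE_ACCOUNTS).items()):
        print(f"{derived}: {', '.join(subjects)}")
```

Any ID reported here is shared by accounts that the identity provider treats as distinct; resolve those before enabling automatic user creation for the group.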