Configuring Bar Code Generator to Use IdP Authentication - Identity and Access Management Services - English - Foundation 22.1 - OnBase - external

Integrating With Hyland IAM Services

Platform
OnBase
Product
Identity and Access Management Services
Release
Foundation 22.1
License
Note:

Bar Code Generator requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.

To configure Bar Code Generator to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for Bar Code Generator to use.
    Tip:

    If you have already set up a client connection for the OnBase Unity Client you should be able to use the same connection for Bar Code Generator as long as the Allowed Scopes include onbaseapi as well as openid. Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    Setting

    Value

    Protocol Type

    oidc

    Redirect URLs

    The URL of the Service.asmx page of the OnBase Application Server. This value must be the same as the ServicePath configured for the Unity Client, which must be all lowercase.

    Allowed Grant Types

    Authorization Code

    Allowed Scopes

    • openid

    • onbaseapi

    Post Logout Redirect URLs

    This value does not need to be configured for Bar Code Generator.

    Pkce

    Select Require PKCE

    Secret

    Do not select Client Secret must be present

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
    Tip:

    Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.

  3. Create a command line with the following switches. This command line is used to launch Bar Code Generator and configure it to use IdP authentication.

    Switch

    Value

    -IDP

    The URL of the Hyland IdP server. Do not include a tenant in the URL. This value is case sensitive.

    For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider

    -IDPTENANT

    The name of the tenant on the Hyland IdP server. This value is case sensitive.

    -IDPCLIENTID

    Paste the client ID you copied from the client connection as the value of the IDPCLIENTID switch.

    This is the unique ID of the client connection on the Hyland IdP server. This value is case sensitive and must match exactly the value on the Hyland IdP server.

    -IDPREDIRECTURI

    The URL of the Service.asmx page of the OnBase Application Server.

    This value must be all lowercase and the same as the value configured in the Redirect URLs for the client connection on the Hyland IdP server.

    -IDPCHALLENGEMODE

    The recommended value is S256.

    Note:

    If plain is used as the challenge mode then Allow PKCE with a plaintext code challenge must be selected for the client connection on the Hyland IdP server.

    For example, a command line to launch Bar Code Generator using IdP authentication may look like this:

    "C:\Program Files (x86)\Hyland\Bar Code Generator\Barcoder.exe" -IDP="https://my-server/identityprovider" -IDPTENANT="MyTenant" -IDPCLIENTID="36f2221c-55e0-482b-8776-a1ed025df011" -IDPREDIRECTURI="https://my-server/appserver/service.asmx" -IDPCHALLENGEMODE="S256"
  4. Launch Bar Code Generator from the command line with the switches you configured applied. The configuration information for IdP authentication is automatically written to the Bar Code Generator configuration file.
    Note:

    After the initial launch from the command line, IdP authentication is always used to log in to Bar Code Generator. The IdP switches do not need to be applied when launching Bar Code Generator after the first time.

To disable IdP authentication, locate the IdPServerURL attribute in the Bar Code Generator configuration file and delete its value.

Tip:

For complete details on configuring Bar Code Generator, see the Bar Code Generator module reference guide.