Configuring REQConnect to Use IdP Authentication

Integrating With Hyland IAM Services

Platform: OnBase
Product: Identity and Access Management Services
Release: Foundation 22.1

REQConnect can be configured to use Hyland IdP authentication.

Note: REQConnect requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.

To configure REQConnect to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for REQConnect to use.
    Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    • Protocol Type: oidc

    • Redirect URLs: The full URL of the login.aspx page of REQConnect. This value is case sensitive. For example, https://my.domain/docsfordeltek/REQAutomation/RequisitionForm/login.aspx

      Tip: Make sure the use of HTTP or HTTPS matches the configuration of your domain in IIS.

    • Allowed Grant Types: Authorization Code, Password

    • Allowed Scopes: openid

    • Post Logout Redirect URLs: The full URL of the logout.aspx page of REQConnect. This value is case sensitive. For example, https://my.domain/docsfordeltek/REQAutomation/RequisitionForm/logout.aspx

      Tip: Make sure the use of HTTP or HTTPS matches the configuration of your domain in IIS.

    • Pkce: Do not select Require PKCE

    • Allow PKCE with a plaintext code challenge: Do not select Allow PKCE with a plaintext code challenge

    • Secret: Select Client Secret must be present

  2. Configure a client secret for the client connection with a Value that is the plain-text value of the word or phrase configured as the client secret for REQConnect, and set the Type to Shared Secret.
    Note: The value entered is converted to a hash of the value when the client connection is saved, but the value passed from REQConnect must still be plain text.

  3. Save the client connection. The Client ID value is automatically populated.
  4. Copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
    Tip: Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.

  5. Open the web.config file of the Docs for Deltek server for editing in a plain-text editor. In a default installation, this file is located at C:\inetpub\wwwroot\docsfordeltek.
  6. Locate the IdPUrl key under the appSettings element.
  7. Construct a URL that contains the following elements in the following order. Separate each element with a semicolon (;).
    • The base URL of the Hyland IdP server. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider

    • The name of the Hyland IdP server tenant to use. This value is case sensitive and must match exactly the tenant name on the Hyland IdP server.

    • The unique ID of the client connection to use on the Hyland IdP server. This value is case sensitive and must match exactly the value on the Hyland IdP server.

    • The plain-text word to use as the client secret. This value is required.

      Note: You must also configure the corresponding client secret for the client connection on the Hyland IdP server. Complete details on configuring a client secret for a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    For example, a completed URL using the examples from the list, with secret as the client secret word, will look similar to this:

    https://my.domain/identityprovider;TenantName;1735f48f-88d9-45bf-bd1b-6e74a448cecc;secret
  8. Enter the URL you constructed as the value of the IdPUrl key.
  9. Save and close the web.config file.
  10. Recycle the application pool of the Docs for Deltek server for the changes to take effect.
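
The following check is an added example, not part of the Hyland documentation or product: a PowerShell function that validates the four-element IdPUrl value from steps 7 and 8 before the application pool is recycled. Test-IdPUrlValue and the inline sample web.config are constructed for illustration; only the IdPUrl key, the appSettings element, and the semicolon-separated layout come from the procedure above.

```powershell
# Added example, not Hyland code. Test-IdPUrlValue is a hypothetical helper name.
function Test-IdPUrlValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    $names = 'base URL', 'tenant name', 'client ID', 'client secret'
    $parts = $Value -split ';'
    if ($parts.Count -ne 4) {
        # A secret that contains ';' also lands here, because ';' is the separator.
        return "expected 4 elements separated by ';', found $($parts.Count)"
    }
    $problems = @()
    for ($i = 0; $i -lt 4; $i++) {
        if ($parts[$i].Trim() -eq '') {
            $problems += "$($names[$i]) is empty"
        } elseif ($parts[$i] -ne $parts[$i].Trim()) {
            # Tenant name and client ID must match the IdP server exactly.
            $problems += "$($names[$i]) has leading or trailing whitespace"
        }
    }
    $uri = $null
    if (-not [Uri]::TryCreate($parts[0].Trim(), [UriKind]::Absolute, [ref]$uri) -or
        $uri.Scheme -notin 'http', 'https') {
        $problems += 'base URL is not an absolute http or https URL'
    } elseif ($uri.Scheme -eq 'http') {
        $problems += 'warning: base URL uses http, so the client secret crosses the network unencrypted'
    }
    return $problems
}

# Constructed sample. On the server, load the real file instead:
#   [xml]$config = Get-Content 'C:\inetpub\wwwroot\docsfordeltek\web.config' -Raw
[xml]$config = @'
<configuration>
  <appSettings>
    <add key="IdPUrl" value="https://my.domain/identityprovider;TenantName;1735f48f-88d9-45bf-bd1b-6e74a448cecc;secret" />
  </appSettings>
</configuration>
'@

$setting = $config.configuration.appSettings.add | Where-Object { $_.key -eq 'IdPUrl' }
if (-not $setting) {
    'IdPUrl key not found under appSettings'
} else {
    # Report problems only; never echo the value, because it contains the secret.
    $issues = @(Test-IdPUrlValue -Value $setting.value)
    if ($issues) { $issues } else { 'IdPUrl value has the expected four-element form' }
}
```

The function checks only the shape of the value; whether the tenant name, client ID, and secret match the Hyland IdP server still has to be confirmed against the client connection itself.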