Enabling IdP Authentication Using the Configuration File

Integrating With Hyland IAM Services

Platform: OnBase
Product: Identity and Access Management Services
Release: Foundation 23.1

To use Hyland IdP authentication with Express Scanning without requiring command-line switches, you must configure the values as settings in the local or master configuration files.

The settings added to the configuration files are the same for both the local and master configuration files. If both the local and master configuration files are configured, the settings in the local file override the settings in the master file.

Tip:

Before launching Express Scanning, the client connection must be configured on the Hyland IdP server. See Configuring Express Scanning to Use IdP Authentication.

To add Hyland IdP authentication settings to the Express Scanning configuration file:

  1. Locate the Express Scanning *.config.xml file and open it for editing in a plain-text editor.

    In a default installation, the master configuration file is located at C:\Program Files (x86)\Hyland\Express Scanning\express.master.config.xml and the local configuration file is located at C:\ProgramData\ExpressScan\express.local.config.xml.

    Tip:

    For complete details on configuring Express Scanning, see the Express Scanning module reference guide.

  2. Add the IDP element as a child of the LOGIN element. The template of the IDP element is:
    <IDP server="" tenant="" clientid="" redirect_uri="" challenge_mode="" />
  3. Update the attributes of the IDP element with the following values.

    | Attribute | Value |
    | --- | --- |
    | server | The URL of the Hyland IdP server. Do not include a tenant in the URL. This value is case sensitive. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider |
    | tenant | The name of the tenant on the Hyland IdP server. This value is case sensitive. |
    | clientid | Paste the client ID you copied from the client connection as the value of the clientid attribute. This is the unique ID of the client connection on the Hyland IdP server. This value is case sensitive and must match exactly the value on the Hyland IdP server. |
    | redirect_uri | The URL of the Service.asmx page of the OnBase Application Server. This value must be all lowercase and the same as the value configured in the Redirect URLs for the client connection on the Hyland IdP server. |
    | challenge_mode | The recommended value is S256. |

    Note:

    If plain is used as the challenge mode then Allow PKCE with a plaintext code challenge must be selected for the client connection on the Hyland IdP server.

  4. Save and close the configuration file.

When Express Scanning is launched with the configuration settings added, the Hyland IdP server is used for authentication.
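
The following pre-deployment check for the IDP element is an added example, not code from Hyland or from this guide. It applies the attribute rules in step 3 to a configuration file's contents. The CONFIG root element, host names, tenant name, and client ID in the samples are constructed, and the https check and the path-segment test for the tenant are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REQUIRED = ("server", "tenant", "clientid", "redirect_uri", "challenge_mode")

def check_idp(config_xml):
    """Return a list of findings for the IDP element; an empty list means it passed."""
    root = ET.fromstring(config_xml)
    # The guide requires IDP to be a child of LOGIN.
    logins = [root] if root.tag == "LOGIN" else root.findall(".//LOGIN")
    idp = next((e for login in logins for e in login.findall("IDP")), None)
    if idp is None:
        return ["no IDP element found as a child of LOGIN"]
    attr = {name: idp.get(name, "").strip() for name in REQUIRED}
    findings = [f"{name} is missing or empty" for name in REQUIRED if not attr[name]]
    server = urlsplit(attr["server"])
    # Added hardening check: the guide's example uses https for secure connections.
    if attr["server"] and server.scheme != "https":
        findings.append("server is not an https URL")
    # Assumption: a tenant wrongly included in the URL appears as a path segment.
    if attr["tenant"] and attr["tenant"] in server.path.split("/"):
        findings.append("server URL includes the tenant")
    redirect = attr["redirect_uri"]
    if redirect != redirect.lower():
        findings.append("redirect_uri must be all lowercase")
    if redirect and not urlsplit(redirect).path.lower().endswith("/service.asmx"):
        findings.append("redirect_uri does not point to the Service.asmx page")
    if attr["challenge_mode"] == "plain":
        findings.append("challenge_mode is plain: requires 'Allow PKCE with a "
                        "plaintext code challenge' on the IdP; S256 is recommended")
    elif attr["challenge_mode"] and attr["challenge_mode"] != "S256":
        findings.append("challenge_mode is neither S256 nor plain")
    return findings

# Constructed samples; the real file's surrounding elements are not shown in the guide.
GOOD = ('<CONFIG><LOGIN><IDP server="https://my.domain/identityprovider" '
        'tenant="tenant1" clientid="00000000-0000-0000-0000-000000000000" '
        'redirect_uri="https://my.domain/appserver/service.asmx" '
        'challenge_mode="S256" /></LOGIN></CONFIG>')
BAD = ('<CONFIG><LOGIN><IDP server="https://my.domain/identityprovider/tenant1" '
       'tenant="tenant1" clientid="00000000-0000-0000-0000-000000000000" '
       'redirect_uri="https://my.domain/AppServer/Service.asmx" '
       'challenge_mode="plain" /></LOGIN></CONFIG>')

if __name__ == "__main__":
    for label, xml_text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_idp(xml_text) or "ok")
```

The check cannot confirm that clientid and redirect_uri match the client connection on the Hyland IdP server; compare those values there.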