Configuring Governance Rules as a Service to Use IdP Authentication

Integrating With Hyland IAM Services

Platform: OnBase
Product: Identity and Access Management Services
Release: Foundation 23.1
Note: Governance Rules as a Service requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.

To configure Governance Rules as a Service to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for Governance Rules as a Service to use.
    Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    | Setting | Value |
    | --- | --- |
    | Protocol Type | oidc |
    | Redirect URLs | The URL of the Governance Rules as a Service application. This must match the value configured in the Governance Rules as a Service configuration file (rm.config.json). For example, if your domain is my.domain, the Governance Rules as a Service application name is GRaaS, and the environment is configured for secure connections, then the value is: https://my.domain/GRaaS |
    | Allowed Grant Types | Authorization Code |
    | Allowed Scopes | openid |
    | Post Logout Redirect URLs | This value is not required for Governance Rules as a Service. |
    | Allowed Cors Origins | The URLs of the Governance Rules as a Service application and the OnBase Application Server. |
    | Pkce | Do not select Require PKCE |
    | Secret | Do not select Client Secret must be present |

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
    Tip: Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.

  3. Open the rm.config.json file of the Governance Rules as a Service application for editing in a plain-text editor. In a default installation, this file is located at: C:\inetpub\wwwroot\GRaaS\assets\
    CAUTION: Be very careful when updating the JSON configuration files. If a copy exists with a similar naming scheme (for example, appsettings.backup.json), and that copy is not deleted, the incorrect JSON configuration file may be used. Configuration files are read in lexicographic order, or the order in which they are loaded. This means that the last file saved is the first file loaded. The order of precedence for the loading of the configuration sources is: 1) appsettings.json file, 2) appsettings.{AltName}.json file, 3) Key-per-file directories, 4) Environment variables, and 5) Command Line arguments. As a result, if a JSON configuration file is configured with an alternate name, and is the most recently saved version of the JSON configuration file, the file with the alternate name will take precedence, which causes major errors during login.
  4. Update the values of the following settings.

    | Setting | Value |
    | --- | --- |
    | idp | The endpoint of the Hyland IdP server without the tenant. This value is case sensitive. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider |
    | clientId | Paste the client ID value you copied from the Hyland IdP server into the value of the clientId setting. This is the unique ID of the client on the Hyland IdP server configured for use with Governance Rules as a Service. This value is case sensitive and must match exactly the value on the Hyland IdP server. |
    | tenant | The name of the tenant on the Hyland IdP server. This value is case sensitive. |

  5. Save and close the rm.config.json file.
    Tip: Recycle the application pool of the Governance Rules as a Service application in IIS for any configuration changes to take effect.
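
The following PowerShell check is an added example, not part of the Hyland documentation or product. It reviews the result of steps 3 through 5: it flags similarly named copies of rm.config.json in the assets folder and verifies the idp, clientId and tenant values. It assumes that these three settings are top-level properties of rm.config.json, that copies follow the pattern rm.config*.json, and that the environment is configured for secure connections; the parameter names are hypothetical.

```powershell
# Added example, not Hyland code. Assumes idp, clientId and tenant are
# top-level properties of rm.config.json (the page does not show the layout).
param(
    [string]$AssetsDir = 'C:\inetpub\wwwroot\GRaaS\assets',   # default path from step 3
    [Parameter(Mandatory)][string]$ExpectedClientId           # Client ID copied in step 2
)

$findings = @()
$configPath = Join-Path $AssetsDir 'rm.config.json'

# CAUTION in step 3: a similarly named copy may be loaded instead of the real file.
$copies = Get-ChildItem -Path $AssetsDir -Filter 'rm.config*.json' -File |
    Where-Object { $_.Name -ne 'rm.config.json' }
foreach ($c in $copies) {
    $findings += "Similarly named copy present: $($c.Name) (saved $($c.LastWriteTime))"
}

try {
    $cfg = Get-Content -Path $configPath -Raw -ErrorAction Stop | ConvertFrom-Json
} catch {
    Write-Error "Cannot read or parse ${configPath}: $_"
    exit 2
}

foreach ($name in 'idp', 'clientId', 'tenant') {
    if ([string]::IsNullOrWhiteSpace($cfg.$name)) { $findings += "Setting '$name' is missing or empty" }
}

if ($cfg.idp) {
    $uri = $null
    if (-not [Uri]::TryCreate([string]$cfg.idp, [System.UriKind]::Absolute, [ref]$uri)) {
        $findings += "idp is not an absolute URL: $($cfg.idp)"
    } else {
        # Assumption: the environment is configured for secure connections.
        if ($uri.Scheme -ne 'https') { $findings += "idp does not use https: $($cfg.idp)" }
        # idp must be the IdP endpoint without the tenant appended.
        if ($cfg.tenant -and ($uri.AbsolutePath.TrimEnd('/').Split('/')[-1] -ceq $cfg.tenant)) {
            $findings += "idp appears to end with the tenant name '$($cfg.tenant)'"
        }
    }
}

# clientId is case sensitive and must match the Hyland IdP value exactly.
if ($cfg.clientId -and ($cfg.clientId -cne $ExpectedClientId)) {
    $findings += 'clientId does not match the expected Client ID (case-sensitive comparison)'
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'rm.config.json: idp, clientId and tenant look consistent'
```

The script exits with 1 when any finding is reported and 2 when the file cannot be read or parsed, so it can run as a post-change check before the application pool is recycled.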