Configuring the REST API to Use IdP Authentication

Integrating With Hyland IAM Services

Platform: OnBase
Product: Identity and Access Management Services
Release: Foundation 23.1

The OnBase REST API uses the Hyland IdP server for authentication with OnBase.

Tip:

Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

To configure the OnBase REST API to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for the OnBase REST API to use.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    Setting               Value
    Protocol Type         oidc
    Allowed Grant Types   Password
    Allowed Scopes        evolution
    Secret                Select Client Secret must be present

  2. Configure a client secret for the client connection on the Hyland IdP server. The Value of the client secret is the plain-text value of the word or phrase passed as the client secret by the application that uses the OnBase REST API.
    Note:

    The value entered is converted to a hash of the value when the client connection is saved, but the value passed from the application must still be plain text.

  3. Set the Type of the client secret to Shared Secret.
  4. Save the client connection. The Client ID value is automatically populated.
  5. Copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
  6. Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.
  7. Configure the application that uses the OnBase REST API to use this client connection for authentication. The application must pass the following values to the Hyland IdP server.

    REST API property   Description
    POST                The endpoint of the token on the Hyland IdP server. This value is case sensitive. For example, if the domain is my.domain and the Hyland IdP application name is identityprovider, then the token endpoint value is: https://my.domain/identityprovider/connect/token
    client_id           The unique Client ID value you copied to the clipboard after saving the client connection.
    client_secret       The plain-text value of the client secret.
    tenant              The name of the tenant on the Hyland IdP server that the client connection was configured for. This value is case sensitive and must match exactly the tenant name on the Hyland IdP server.
    grant_type          The grant type of the client connection (Password).
    scope               The scope of the client connection (evolution).
    username            The username of the user in OnBase.
    password            The password that corresponds to the username value.
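
The request that the application in step 7 sends, as an added example that is not part of the Hyland documentation: it builds the token request without sending it and masks the secret and password before anything is logged. It assumes every listed value travels as a form-encoded field in the POST body and that the Password grant uses the RFC 6749 wire value `password`; the client ID, tenant, user name and environment variable names are constructed placeholders.

```python
# Added example, not Hyland code: builds (does not send) the token request.
import os
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

SENSITIVE = {"client_secret", "password"}

def build_token_request(token_endpoint, client_id, client_secret, tenant,
                        username, password):
    parts = urlsplit(token_endpoint)
    # The body carries a plain-text secret and password, so require TLS.
    if parts.scheme != "https":
        raise ValueError("token endpoint must use https")
    # The endpoint is case sensitive: compare exactly, never lower-case it.
    if not parts.path.endswith("/connect/token"):
        raise ValueError("unexpected token endpoint path")
    fields = {
        "client_id": client_id,
        "client_secret": client_secret,   # plain text, as the page requires
        "tenant": tenant,                 # assumption: sent as a form field, case preserved
        "grant_type": "password",         # assumption: RFC 6749 value for the Password grant
        "scope": "evolution",
        "username": username,
        "password": password,
    }
    missing = [name for name, value in fields.items() if not value]
    if missing:
        raise ValueError("missing values: " + ", ".join(missing))
    body = urlencode(fields).encode("utf-8")
    return Request(token_endpoint, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def redacted_fields(request):
    """Form fields that are safe to log: secret and password are masked."""
    fields = parse_qs(request.data.decode("utf-8"))
    return {k: "***" if k in SENSITIVE else v[0] for k, v in fields.items()}

if __name__ == "__main__":
    # Constructed values; the environment variable names are hypothetical.
    req = build_token_request(
        "https://my.domain/identityprovider/connect/token",
        client_id="00000000-constructed-client-id",
        client_secret=os.environ.get("ONBASE_CLIENT_SECRET", "constructed-secret"),
        tenant="ExampleTenant", username="jdoe",
        password=os.environ.get("ONBASE_PASSWORD", "constructed-password"))
    print(req.get_method(), req.full_url, redacted_fields(req))
```

Because the secret is stored on the Hyland IdP server only as a hash, the application holds the sole plain-text copy; keep it in a secret store or environment variable rather than in source.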