Authentication Providers

User Authentication

An application may require users to log onto the system (authentication). That means the application needs some kind of user management: users need to authenticate themselves and need to be authorized to access the application. To do this you have several options:

  • Create all user management functionality as part of your application (there is a great example available in My WEM that you can use as a base - look for the Basic Authentication project in Quick Starters or the App Store);

  • Use an external authentication provider. In this case the WEM application relies on an external authentication provider to authenticate users. You may still need to link them to an application-specific list of users for additional details or specific in-app authorizations.

Using an external authentication provider, such as Microsoft’s Active Directory, means that users usually need to log onto their company network only once and don’t need to log in separately to an application (like your WEM application) that relies on that authentication provider. This is called “Single Sign-On” (or SSO).

Support for external Authentication Providers

The two protocols most widely used by authentication providers are SAML and OAuth2.

  • SAML is used for authentication and authorization and is mostly used in corporate/enterprise environments. Microsoft (Active Directory), Google (G Suite), Oracle and Salesforce are just a few companies that have SAML-based authentication and authorization products.

  • OAuth2 is mostly used as an authorization protocol and is widely used by social platforms like Facebook, LinkedIn, Twitter, etc. A lot of mobile apps use OAuth2 to authorize users to use the app (“Log in with your Facebook account”).

WEM supports both protocols. In the flowchart documentation about the authentication nodes you can find how to use these in your application. But before you can use them, the authentication providers need to be configured. That is the focus of this article.

Adding an Authentication Provider

First, choose which type (SAML or OAuth) you want to set up. Then go to the appropriate folder (SAML 2.0 authentication or OAuth 2.0 authorization) in the project tree and click on the Add authentication provider option in the context menu [...]. Give your identity provider a name that will be used throughout the WEM Modeler.

Next, continue with either SAML or OAuth settings...
