Berkeley Bridge Identity Server
The Berkeley Bridge Identity Server (BB Identity Server) can be used to authenticate users through a third party authentication service. It can be configured for several types of services, such as Windows Authentication or OAuth2.
The Webserver has its own [user management system](/the webserver/users/). If your company already has a user database that can be used to authenticate users through a standard protocol such as OAuth2, and you require that those identities be used, the BB Identity Server can be configured to take care of this.
Another use case is if you want to provide your users with a Single Sign On (SSO) environment. If, for example, they are already logged on to a Windows system, you could configure the BB Identity Server with Windows Authentication to ensure that users don’t need to log in again to use the models on the Webserver.
How it works
Normally, the Webserver checks its own user database to determine whether a certain user is allowed to use a certain model. When the BB Identity Server is configured, the Webserver instead asks the BB Identity Server, which in turn handles the communication with the third party service.
An extra option with the BB Identity Server is to allow users anonymous access to a model until they reach a certain point or meet certain criteria, and only then require them to log in. This can be achieved by adding an External data action to your model and choosing bbiserver as the connection type.
After a successful login, some user data will be available through the function getparambyname. Which data is available depends on the service provider, but bbis:bbusername will always be available.
Currently supported services / protocols
Currently the BB Identity Server can handle these services / protocols:
- Windows Authentication
- OAuth2 (several implementations)
If you need support for another protocol, please let us know.
Installation and configuration
If you would like to use the BB Identity Server, please contact us.