xxllnc Expertsystemen Identity Server
The xxllnc Expertsystemen Identity Server (BB Identity Server) can be used to authenticate users through a third party authentication service. It can be configured for several types of services, such as Windows Authentication or OAuth2.
Use case
The Web server has its own [user management system](/the webserver/users/). If your company already has a user database that can be used to authenticate users through a standard protocol such as OAuth2, and you require that those identities be used, the BB Identity Server can be configured to take care of this.
Another use case is if you want to provide your users with a Single Sign On (SSO) environment. If, for example, they are already logged on to a Windows system, you could configure the BB Identity Server with Windows Authentication to ensure that users don’t need to log in again to use the models on the Web server.
How it works
Normally, the Web server checks its own user database whether a certain user is allowed to use a certain model. When the BB Identity Server is configured, it instead asks the BB Identity Server, which in turn will handle the communication with the third party service.
An extra option with the BB Identity Server is to allow users anonymous access to a model until they reach a certain point or meet certain criteria, and only then require them to login. This can be achieved by adding an External data action to your model and choosing bbiserver as the connection type.
User data
After a successful login, some user data will be available through the function getparambyname. Which data depends on the service provider, but bbis:bbusername will always be available.
Currently supported services / protocols
Currently the BB Identity Server can handle these services / protocols:
- Windows Authentication
- OAuth2 (several implementations)
- SAML
If you need support for another protocol, please let us know.
Installation and configuration
If you would like to use the BB Identity Server, please contact us.