1. Connector for OData / Connector for SAP Gateway
Name
Enter the name of the connection here.
Description
You can enter a description for the connection here.
Authentication
1.1. Method
1.1.1. None
For anonymous access.
1.1.2. Basic
With this method (HTTP Basic), the login
information will be requested. The user entered here will only be needed to
access the service metadata in the Portal Manager.
1.1.3. Intrexx
This method is useful for services provided via the Intrexx OData provider.
Login information will be transferred encrypted here. To access the metadata,
enter an Intrexx user and corresponding password here as well.
1.1.4. Kerberos / Kerberos (HTTP Basic)
These methods are available in Windows
environments for using Windows Integrated Authentication for Single Sign-On.
The second option for "HTTP Basic" enables
authentication for clients that do not support the Kerberos protocol.
Please note the following basic requirements for successful authentication with Kerberos:
The users from your Active Directory must have been imported into your portal.
Please make sure that at least one user is included in the Administrators group, so that the system may continue to be managed.
The server on which Intrexx is installed requires the group policy "Delegation".
All clients and servers must be members of the same domain.
In Internet Explorer, the security settings for the used zone must have the user authentication setting of "Automatic logon with current user name and password".
Additionally, the option for "Enable Integrated Windows authentication" must be selected in the advanced settings.
Using Kerberos authentication provides you and your users with true Single
Sign-on access to the OData service that uses the Integrated Windows
Authentication.
If a user cannot be authenticated, the second option will automatically use
the standard login method.
For successful authentication, it is necessary to specify a Service Principal
Name (SPN). The SPN contains information about the service that requires a
Kerberos ticket to be generated for it. This ticket is required for the
Internet Information Server used by the Intrexx
Portal Server.
The SPN is generally constructed as follows:
http/<computer-DNS-name>@<KERBEROS_REALM>
Computer-DNS-name: Fully qualified host name (such as
"mycomputer.mycompany.com")
KERBEROS_REALM: Generally the domain in uppercase letters (such as
"MYCOMPANY.COM").
The SPN would therefore look like the following using the sample data:
http/mycomputer.mycompany.com@MYCOMPANY.COM
With this method, a certificate store in PKCS12 format can be uploaded.
Later, each user can upload their own certificate store using a login form.
For authentication with X.509 certification, the root certificate of the
authentication authority, which is responsible
for issuing the client certificates, must previously have been
imported into Intrexx.
Restart the portal service afterwards.
OAuth2/OpenID Connect (from Intrexx 8 with Online-Update 05)
The method "OAuth2" supports services that require
an OAuth2 authorization for users. Should the service support an auto approval
of the user, the login of a user can be specified here for the metadata. If
this is not possible, the metadata document must first of all be saved
as a local file and stored in portal directory internal/cfg/odata
with the file name: <SERVICE_GUID>.edmx.
Currently, the actual configuration of the OAuth2 authorization must be
performed in the XML configuration file of the OData consumer directly
in the portal directory internal/cfg/odata
with the file name <SERVICEGUID>.xml.
The following properties are relevant here:
<property name="authenticationType" value="OAUTH2"/> <!-- Value must be OAUTH2 -->
<property name="oauth2.scope" value="<OAuth Scopes>"/>
<property name="oauth2.authenticationScheme" value="<Schema>"/>
<property name="oauth2.clientId" value="<Client ID>"/>
<property name="oauth2.grantType" value="<Grant Type>"/>
<property name="oauth2.clientAuthenticationScheme" value="<Client Schema>"/>
<property name="oauth2.userAuthorizationUri" value="<Endpoint for the authentication>"/>
<property name="oauth2.clientSecret" value="<Client Secret>"/>
<property name="oauth2.redirectUri" value="<Redirect URL>"/>
<property name="oauth2.accessTokenUri" value="<Endpoint for the request of a token>"/>
In the following, excerpts of some example configurations for commonly
used OAuth2 services are listed. Many of these services cannot be used as
OData services. Despite this, the OAuth2 authentication can be used for direct
HTTP accesses to the service in Groovy scripts.
All information about forms-based authentication for Microsoft SharePoint
connections can be found
here.
1.1.9. SharePoint Fed Auth (SAML)
All information about forms-based authentication with identity providers
conforming to SAML for Microsoft SharePoint
connections can be found
here.
Connection timeout
Timeout
Enter how long the connection should be maintained
in milliseconds, seconds, minutes or hours.
Active
With this setting, the defined timeout will take effect.
2. Connector for SharePoint
Name
Enter the name of the new connection here.
Description
You can enter a short description here.
Authentication
User / Password
Enter the username and password for the user you want to use to access
SharePoint. The user entered here will only be needed to
access the service metadata in the Portal Manager.
OAuth2/OpenID Connect (from Intrexx 8 with Online Update 05)
The method "OAuth2" supports services that require
an OAuth2 authorization for users. Should the service support an auto approval
of the user, the login of a user can be specified here for the metadata. If
this is not possible, the metadata document must first of all be saved
as a local file and stored in portal directory internal/cfg/odata
with the file name: <SERVICE_GUID>.edmx.
Currently, the actual configuration of the OAuth2 authorization must be
performed in the XML configuration file of the OData consumer directly
in the portal directory internal/cfg/odata
with the file name <SERVICEGUID>.xml.
The following properties are relevant here:
<property name="authenticationType" value="OAUTH2"/> <!-- Value must be OAUTH2 -->
<property name="oauth2.scope" value="<OAuth Scopes>"/>
<property name="oauth2.authenticationScheme" value="<Schema>"/>
<property name="oauth2.clientId" value="<Client ID>"/>
<property name="oauth2.grantType" value="<Grant Type>"/>
<property name="oauth2.clientAuthenticationScheme" value="<Client Schema>"/>
<property name="oauth2.userAuthorizationUri" value="<Endpoint for the authentication>"/>
<property name="oauth2.clientSecret" value="<Client Secret>"/>
<property name="oauth2.redirectUri" value="<Redirect URL>"/>
<property name="oauth2.accessTokenUri" value="<Endpoint for the request of a token>"/>
In the following, excerpts of some example configurations for commonly
used OAuth2 services are listed. Many of these services cannot be used as
OData services. Despite this, the OAuth2 authentication can be used for direct
HTTP accesses to the service in Groovy scripts.
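Because the OAuth2 settings for both the OData and the SharePoint connector are edited by hand in <SERVICEGUID>.xml, a check before restarting the portal service catches malformed attributes and weak endpoint settings. The following is an added example, not part of the Intrexx documentation or product. It assumes every property listed above is required and every URI should use https; the <configuration> wrapper element and all sample values are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Property names exactly as listed on this page.
EXPECTED = [
    "authenticationType", "oauth2.scope", "oauth2.authenticationScheme",
    "oauth2.clientId", "oauth2.grantType", "oauth2.clientAuthenticationScheme",
    "oauth2.userAuthorizationUri", "oauth2.clientSecret",
    "oauth2.redirectUri", "oauth2.accessTokenUri",
]

def lint_oauth2_config(xml_text):
    """Return a list of findings for the OAuth2 properties in xml_text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # One missing quote or space in an attribute makes the whole file unreadable.
        return [f"not well-formed XML: {exc}"]
    # Match <property> elements at any depth, with or without a namespace.
    props = {el.get("name"): (el.get("value") or "").strip()
             for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "property"}
    findings = []
    for name in EXPECTED:
        if name not in props:
            findings.append(f"{name}: missing")
        elif not props[name]:
            findings.append(f"{name}: empty value")
        elif name.endswith("Uri") and urlparse(props[name]).scheme != "https":
            findings.append(f"{name}: not an https URL")
    if props.get("authenticationType") not in (None, "", "OAUTH2"):
        findings.append("authenticationType: value must be OAUTH2")
    return findings

# Constructed sample values (not from the Intrexx documentation); the
# <configuration> wrapper element is hypothetical.
SAMPLE = {name: "sample" for name in EXPECTED}
SAMPLE.update({
    "authenticationType": "OAUTH2",
    "oauth2.userAuthorizationUri": "https://idp.example.com/authorize",
    "oauth2.accessTokenUri": "https://idp.example.com/token",
    "oauth2.redirectUri": "https://portal.example.com/callback",
})

def render(values):
    """Render a property dict as a minimal config document for the linter."""
    rows = "".join(f'  <property name="{k}" value="{v}"/>\n' for k, v in values.items())
    return f"<configuration>\n{rows}</configuration>"

if __name__ == "__main__":
    weak = {**SAMPLE, "oauth2.accessTokenUri": "http://idp.example.com/token"}
    print("\n".join(lint_oauth2_config(render(weak))))
```

The file stores oauth2.clientSecret in clear text, so its file-system permissions deserve the same review as its contents.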