It is possible to enable Centralized Authentication for an existing InRule installation, provided that you are updated to the most recent version of InRule. This can be accomplished by modifying configuration files and enabling authentication controls in their respective applications. The location of this files, and the values that need to be set are described below.
Before beginning this process. Make sure a User Administrator exists in your catalog that has a valid email address associated with them. An email address is required in order to log in using centralized authentication.
Enable Centralized Authentication in the irCatalog Service
Navigate to : (Your InRule Installation Root Directory)\irServer\RepositoryService\IisService
Open the web.config file and replace the existing <authentication> section with:
<authentication type="custom">
<provider>InRule.Repository.Service.Providers.SqlServerWithOpenIdConnectAuthenticationProvider, InRule.Repository.Service</provider>
<options>
<option name="validIssuer" value="https://auth.inrulecloud.com/" />
<option name="discoveryUrl" value="https://auth.inrulecloud.com/.well-known/openid-configuration" />
<option name="requireHttps" value="true" />
<option name="validAudiences" value="master_service" />
</options>
</authentication>
Enable Centralized Authentication for the irCatalogManager Website
Most of the configuration for irCatalogManager Website is handled via the installer. However, you will need to add a valid license key in order for the domain where you are hosting the website to be white-listed for use with centralized authentication. You can use any InRule license key. This key is used to validate that you are a current InRule customer.
Navigate to: (Your InRule Installation Root Directory)\irServer\CatalogManagerWeb
Open the Web.config file.
In the <appSettings> section. Modify the following child elements:
<add key="InRule.Catalog.Oidc.LicenseKey" value ="YOUR_LICENSE_KEY" />
<add key="InRule.Catalog.Oidc.Enabled" value="true" />
<add key="InRule.Catalog.Oidc.RedirectUri" value="https://yourcatalogmanagername.azurewebsites.net/" />
<add key="InRule.Catalog.Oidc.PostLogoutRedirectUri" value="https://yourcatalogmanagername.azurewebsites.net/" />
For the LicenseKey, this can be any valid InRule 5 license key. It is used only for determining that you are an InRule customer, and it does not register as an activation.
After you have modified the web.config file, it is necessary to restart the irCatalogManager Website. You can do this through Microsoft IIS. In addition, someone with an Application Administrator role in Azure AD needs to log in and authorize the InRule application.
Enable Centralized Authentication in irCatalogManager
In the top toolbar go to Options -> Enable Centralized Authentication Controls
Once checked and confirmed by hitting Ok, a Login button will appear in the top-right corner of the irCatalogManager screen.
Enable Centralized Authentication in irAuthor
In the top-most toolbar go to File -> Options. In the options screen, under the General tab, you will see a checkbox to Enable Centralized Authentication Controls.
Comments
0 comments
Please sign in to leave a comment.