
Backends configuration | Identity federation

Backend parameters manage identity storage and associated features within the server. Backends keep credentials and identities and give them the capabilities used to manage the authorization and authentication provided by the identity provider interfaces.

Parameters sections

Backends can be customized through either the Administration API or the user interface providing 6 categories of settings:

  • General configuration
  • Type
  • Email configuration
  • Identity federation
  • Verifiable credentials
  • User metadata

Identity federation parameters

Add federated server adds a federated server configuration to the current backend. This enables identity federation with the backend through remote authentication methods, which can be materialized by a "login with" button.

federated server configuration

You'll need to set the redirect_uri in the federated server's client configuration to ${BORUTA_OAUTH_HOST}/accounts/backends/:backend_id/:federated_server_name/callback

Federated server

Server name helps to recognize the configured remote authentication server within the administration interface.

Client ID is the configured client_id on the remote authentication server OAuth client configuration.

Client secret is the configured client_secret on the remote authentication server OAuth client configuration.

Base URL is the base URL used for the interactions with the remote authentication server.

Scope (separated with a whitespace) lists the scopes that are used in the authorization code grant flow when authenticating with the remote server.

Add Federated metadata adds a metadata endpoint configuration that helps to fetch protected resources using the granted access token.

  • Metadata endpoint URL is the URL from which the user metadata is fetched.
  • Metadata endpoint claims (separated with a whitespace) is the list of the JSONPaths used to retrieve user metadata. You can use the token :all to select all current node claims.

Use OpenID discovery defines whether OpenID discovery is used to fetch the server configuration (endpoints).

Paths

All remote authentication server configuration endpoints can be expressed with either a path relative to the Base URL or with a full URL.

Discovery endpoints

Discovery path is the OpenID discovery path used to fetch the server configuration. The configuration is fetched when the backend configuration is persisted.

OpenID endpoints

Userinfo path is the OpenID Userinfo path used to fetch user information.

Authorize path is the OAuth 2.0 authorize path used to authenticate the current user.

Token path is the OAuth 2.0 token path used to fetch an access_token given an authorization code.
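
A pre-flight check for the values described above, as an added example (not Boruta's own code): it builds the redirect_uri to register on the remote client and resolves each endpoint as either a full URL or a path under the Base URL, flagging endpoints that are not HTTPS or that sit on a different host than the Base URL, since the client secret, authorization code and access token are sent there. The dict keys, the sample hosts and ids, and the concatenation rule for relative paths are assumptions.

```python
from urllib.parse import urlsplit

CALLBACK_TEMPLATE = "{host}/accounts/backends/{backend_id}/{server_name}/callback"

def callback_uri(oauth_host, backend_id, server_name):
    """Exact redirect_uri to register on the remote OAuth client."""
    return CALLBACK_TEMPLATE.format(
        host=oauth_host.rstrip("/"), backend_id=backend_id, server_name=server_name
    )

def resolve(base_url, value):
    """Full URLs are kept; anything else is treated as a path under base_url.
    Assumption: plain concatenation, the server's own rule may differ."""
    if urlsplit(value).scheme:
        return value
    return base_url.rstrip("/") + "/" + value.lstrip("/")

def review(config):
    """Return (resolved endpoints, findings) for a federated server config."""
    base = urlsplit(config["base_url"])
    resolved, findings = {}, []
    for name in ("discovery_path", "authorize_path", "token_path", "userinfo_path"):
        if name not in config:
            continue
        url = resolve(config["base_url"], config[name])
        parts = urlsplit(url)
        resolved[name] = url
        if parts.scheme != "https":
            findings.append(f"{name}: not https ({url})")
        if parts.hostname != base.hostname:
            findings.append(f"{name}: host {parts.hostname} differs from base URL host")
    return resolved, findings

# Constructed sample configuration (hypothetical keys, hosts and ids).
SAMPLE = {
    "base_url": "https://idp.example.com/realms/demo",
    "authorize_path": "/protocol/openid-connect/auth",
    "token_path": "http://idp.example.com/realms/demo/protocol/openid-connect/token",
    "userinfo_path": "https://api.example.net/userinfo",
}

if __name__ == "__main__":
    print(callback_uri("https://oauth.boruta.example", "backend-id-placeholder", "demo-idp"))
    resolved, findings = review(SAMPLE)
    for line in findings:
        print("WARN", line)
```

A host mismatch is a prompt to review rather than an error in itself: some providers serve user information from a separate API host.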

User interface

backend form