ADFS/Azure replacement

  • 15 April 2020
  • 6 replies
  • 649 views

Userlevel 2
Badge +7


Dear all

I’m working on an OIDC-compliant integration with IFS and Okta (in my example) as Identity Provider.

I managed to configure both EE and Aurena to be able to login.

However, EE refuses to properly use the refresh token flow and crashes after some minutes.

Has anyone some experience in this area?

Many thanks

Dominik



Userlevel 6
Badge +18

Hi Dominik,

Currently IFS Apps 10 supports three Identity Providers out-of-the-box:
● IFS Database IDP
● ADFS 4.0
● Azure AD

I have run into this question regarding Okta before, but I don't fully understand whether it is based on ADFS or an independent cloud-based protocol.

If it is not ADFS based, then it is most likely not supported by IFS yet.


Good luck!

Userlevel 2
Badge +7

Hi Srikanth

I would say Okta is a fully compliant OIDC https://www.okta.com/openid-connect/ Identity Provider, minus the things Microsoft adds to make ADFS/Azure a bit more special (and less standard). Unfortunately there is no documentation out there on what IFS requires, and it's a long trial-and-error approach.

Last missing piece is the refresh token for EE, which is not working at all and I don’t even see an attempt from IFS to get a new token.

I’ll keep you updated.

Thanks

Dominik

Userlevel 6
Badge +18

"Unfortunately there is no documentation out there what IFS requires, and its a long trial and error approach" - I hear you.

This isn’t specific documentation, but maybe it can help your cause:


Badge

@dominikdurrer Have you been able to use OKTA? If yes, can you share something with us? We are also trying it, but IFS is not supporting it...

Userlevel 2
Badge +7

 @WBRWILLIAM I have a working configuration for Aurena. Enterprise Explorer unfortunately not. After 30 minutes I receive the reauthentication error, indicating that something is wrong with the fresh tokens.

Since we have just introduced MS O365 integrated with Okta as IDP, I will try this route now.

IFS → Azure → Okta login route.

Userlevel 2
Badge +7

@WBRWILLIAM I gave up with Enterprise Explorer and Aurena, and have a working configuration now over Azure, which redirects me to my Cloud IDP. That is a step more, rather than directly to the Cloud IDP, but it appears to work.


For Aurena B2B, I will most likely leverage the existing IDP configuration, but there I face the issue that IFS only reads from AD, and not LDAP, which would be useful to import suppliers/customer login accounts.
