A closer look at Bonita 2021.2: authentication with Open ID connect
Let's continue diving into some of the new features of Bonita 2021.2. Whether you are using Bonita Community or Bonita Enterprise, you will find in this series of posts some great new functionalities and improvements.
This time we will focus on an Enterprise feature : the support of Open ID Connect as authentication manager.
Bonita can now be configured to use the OpenID Connect (OIDC) protocol to provide single sign-on (SSO), in addition to SAML 2.0, CAS and Kerberos.
Why Open ID Connect?
We have decided to add OIDC to our list of supported authentication systems as
- Open ID Connect is getting more and more popular and widely used, with certified providers.
If you are searching for a certified provider, you can refer to the list provided by Open ID Foundation.
- OIDC provides a double level of authentication:
- SSO at the web pages level
- Authentication management at REST API level (based on OAuth)
How does that work?
This is an overview that describes the steps of the authentication process on a Bonita bundle configured as an OIDC client:
This configuration is done in 3 main steps:
- Configure Bonita Bundle for OIDC
- Configure the OIDC Identity Provider
- Configure the logout behaviour
Note that only the Authorization Code Flow of OpenID Connect is supported. Not the Implicit Flow.
All details about the configuration are described in our official documentation.
What about users creation on the fly in Bonita?
You really enjoyed this great feature of creation of users on the fly, introduced with Bonita 2021.1?
Don’t worry, we made sure it would be available with Open ID Connect as well. Nothing changes in terms of configuration or behaviour.
If you want to understand better how to configure it, watch our deep dive video:
Our newt post will deep dive into the development of extensions. Stay tuned!