My company wants to switch our OEBPM application from JDBC User Management to an external system they are also using for other (non-Progress) applications, so users can be managed in one single location. So when a users logs in our OEBPM application, authentication should find place via an API-call to the UM of our company.
I have found documentation about custom realms and stuff for OEBPM, but when reading on, it appears this still depends on an OpenEdge database to which the AppServer is connected... that is not the case.
Is there a way to do authentication via an OAuth2 flow? I probably need to implement some interfaces?
Thanks in advance.
It is possible to work with external user management by implementing the following Java interfaces.
com.tdiinc.userManager.Realm : Authenticates users & manages user/group creation.
com.tdiinc.userManager.User : Java model of BPM User
com.tdiinc.userManager.Group : Java model of BPM User Group
Refer to the documentation at documentation.progress.com/.../index.html for its related configuration.
The custom Realm can be implemented to communicate with the external system for authentication.
For example, to use OAuth2, you can use any Java OAuth2 client wrapped with-in you Realm implementation to authorize BPM users. (this suggestion is not verified)
Please do remember that in your custom Realm implementation, you should have an "admin/admin" BPM user for which unlimited access is provided with-in BPM after installation. This is required because only a user with "admin" privileges can grant permissions to other users.