Lianja login using external site authentication



lisam
2016-06-26, 06:10
Hi,
We are testing a web app that uses the user's domain field to determine which database they access when they log in along with their assigned role. Rather than managing user passwords, is it possible to write a front end that enables users to log in and authenticate with an external site, such as Google Sign-in or Facebook login, then upon successful authentication retrieve and match their userid/email address to their Lianja user record and automatically log them into Lianja?

Thank you very much for your assistance,
Lisa

barrymavin
2016-06-26, 07:20
Hi Lisa,

Since v1.3 database tenancies are supported as stated in the roadmap.



Enabled database tenancies based on the authenticated user. The "Database" used by an App for a user in a specified tenancy is postfixed with an "_" followed by the tenancy (domain) for the user specified in the "Users" workspace. For example, if the database for an App is southwind and the user has a tenancy (domain) specified of xyzco then the database used for that user will be southwind_xyzco. When the user authenticates in Desktop, Web or Mobile apps the specified database will be used rather than the default database for the App. Remember to "Deploy" the system!sysroles table and the database for that tenancy from the "Deploy" workspace. Note that if the tenancy name contains '.' or '@' characters these are replaced with '_' characters e.g. lianja.com using the southwind database would expect the database southwind_lianja_com to exist. You can "copy" a complete database to another using the COPY DATABASE command in the console or the "Copy" menu selection in the "Data" workspace.

We are looking to provide single sign on using LDAP/Active Directory in v2.3 as stated in the roadmap.


LDAP/ActiveDirectory integration for roles and permissions. If the environment variable LIANJA_LDAP=ON is set then LDAP user authentication is performed and the "Groups" that the user belongs to correspond to "Roles" in the App. You also need to specify the "base dn" as an environment variable which is used as the root to search for groups assigned to a specific user e.g. LIANJA_LDAP_BASEDN="ou=users,dc=yourdomain,dc=com". For testing you can set LIANJA_LDAP=OFF and use the Lianja users.

With regards to database and app tenancies in the cloud server, this is scheduled for v2.2.


Enable full "tenancies" of Apps, Library and Data. Database tenancies are already implemented in v1.3. This provides the ability to host multiple customers on the same Lianja Cloud Server which can be load balanced if required.

HankFay
2016-06-26, 13:27
Hi Lisa,

In addition to what Barry indicated, note that for logins associated with Google or Facebook, both provide a web API using OAuth2. You would, however, need to link the name of their Facebook or Google login and the Lianja user beforehand. Once that is done you can:

a) allow guest login, but to a Landing Page, where they would authenticate through Google or Facebook. That would give you their login name for G+ or FB. You would then look them up in the Lianja users in order to set their database (and in future versions, the version of the app and the version of the Library). The Sysroles table would be used to find the user's permissions/tenancy.

b) implied in the above is a table of your own in which you link the G+ or FB login with the Lianja domain + username.

Now, you can probably have users do the linking themselves: you would give the user a code that encrypts or points to an encrypted domain + username (which will have their roles attached). From there it depends on the actual factors at play in your context, but you can see the idea.

Hank
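
An added example, not part of the posts above and not Lianja's own code: a sketch of the link table and self-service linking code from Hank's reply, combined with the tenancy database naming rule quoted from the roadmap. It assumes the provider name and subject id come from an OAuth2 response that has already been verified elsewhere; `LinkStore`, `LINK_TTL`, `tenancy_database` and the in-memory tables are hypothetical names and stand in for your own tables.

```python
import hashlib
import secrets
import time

LINK_TTL = 900  # seconds a linking code stays valid (assumed policy)

def _digest(code):
    # Only the hash of a code is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(code.encode()).hexdigest()

def tenancy_database(app_db, domain):
    # Roadmap rule: '.' and '@' in the tenancy (domain) are replaced with '_'.
    return app_db + "_" + domain.replace(".", "_").replace("@", "_")

class LinkStore:
    """In-memory stand-in for the link table (hypothetical schema)."""

    def __init__(self):
        self.pending = {}  # sha256(code) -> (domain, username, expires_at)
        self.links = {}    # (provider, subject) -> (domain, username)

    def issue_code(self, domain, username, now=None):
        """Create a random code that points to an existing Lianja user."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)
        self.pending[_digest(code)] = (domain, username, now + LINK_TTL)
        return code

    def redeem(self, code, provider, subject, now=None):
        """Bind a verified external identity to the user behind the code."""
        now = time.time() if now is None else now
        entry = self.pending.pop(_digest(code), None)  # single use
        if entry is None or now > entry[2]:
            return False
        self.links[(provider, subject)] = entry[:2]
        return True

    def resolve(self, provider, subject, app_db):
        """Return (username, database) for a linked identity, else None."""
        link = self.links.get((provider, subject))
        if link is None:
            return None  # unknown identity: stay on the guest landing page
        domain, username = link
        return username, tenancy_database(app_db, domain)

if __name__ == "__main__":
    store = LinkStore()
    code = store.issue_code("lianja.com", "lisa")    # constructed sample user
    store.redeem(code, "google", "sub-123")          # constructed subject id
    print(store.resolve("google", "sub-123", "southwind"))
```
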

lisam
2016-06-27, 06:05
Thank you both very much!
Really appreciate your assistance. Will look into utilizing the guest login and landing page.

Thank you so much again,
Lisa