Architecture
The solution is composed of two applications, SAML Platform Authentication and SAML Platform Authentication Plugin, both available in the OutSystems Forge. Both applications are mandatory to enable this SAML 2.0 Platform 2-factor Authentication mode in Lifetime.
The first application, SAML Platform Authentication, must be installed exclusively in the Lifetime environment and is composed of two modules, one end-user module, SAMLAuthentication, and a foundation module, LifetimeIdPClient.
The second application, SAML Platform Authentication Plugin, must be installed in all environments, including the Lifetime environment.
The figure below shows the processes occurring on the OutSystems Platform Services, the user browser, and the SSO IdP.
With this integration set up for a given IdP, when OutSystems Platform users access the SAMLAuthentication module, they are redirected to a web page (known as the enterprise's login manager) where they are prompted to enter their enterprise username and password. Upon verification of the user’s credentials, the user is redirected back to the SAMLAuthentication module.
The platform user is logged in, and a token is generated and presented on the screen so it can be used to access Service Studio, Integration Studio, Service Center, and Lifetime, as shown in the figure below.
OutSystems Platform application authentication
As an example, let’s consider a login attempt in Service Studio, one of the OutSystems Platform applications, to the OutSystems Platform Development environment. The figure below shows the processes occurring between the OutSystems Platform applications.
Configuring the Service Center
In the Service Center of every environment (including the LIFETIME_SERVER) where the “SAML Platform Authentication Plugin” application was installed, perform the following steps:
Configuring SAML 2.0 between Lifetime IdP Client and IdP Server
To access the configuration screen, the user needs to have LifetimeIdPClient_Administrator privileges. Lifetime Administrators have this privilege automatically.
Configure the following from the SAML SSO:
Optionally, only when required, configure:
Configuring your IdP Server to use the Lifetime IdP Client
https://success.outsystems.com/Documentation/How-to_Guides/Integrations/How_to_configure_OutSystems_to_use_identity_providers_using_SAML#Configure_Identity_Provider_-_Examples