Outsystem app integration with custom IdentityServer 3 implementation

hi team,

I have a requirement wherein I would want to connect my outsystems app in cloud to a native / locally installed Identityserver3 implementation for authentication / authorization. 

Is there any way by which I  can override the outsystems based authentication / authorization ??

also, post this, we would like to connect to some of the secure rest services. Is this possible??

darshan ranganatha wrote:

hi team,

I have a requirement wherein I would want to connect my outsystems app in cloud to a native / locally installed Identityserver3 implementation for authentication / authorization. 

Is there any way by which I  can override the outsystems based authentication / authorization ??

also, post this, we would like to connect to some of the secure rest services. Is this possible??

Hi,

You can consume REST Service provide by IdentityServer3 & proceed.

https://success.outsystems.com/Documentation/11/Extensibility_and_Integration/REST/Consume_REST_APIs/Consume_a_REST_API

agree...just another couple of questions on this?

1. now, my app is hosted on cloud. My rest api is on local machine. Are we saying that we can connect from cloud to local machine or we will have to install the resp api on the cloud as well?? if yes, how to do that as that derives data from a sql server? do we have option to do this?

2. is there any link on how to write a c# code for this and then link it to the app / workflow logic??

3. also, is there an option to override the default authorization / authentication provided by outsystems?


Hi Darshan Ranganatha,

First of all, have you checked whether the IdP Connector could be used? It's being actively implemented, and it supports a few standards-based identity providers... I'd give it a try first.

Secondly, in order for your cloud (Personal?) Environment to connect to your local machine, your machine needs to have a publicly accessible domain name/IP that doesn't change (or you won't be able to reach the authentication service from your OutSystems applications). Can you give us a bit more insight on why you're doing this or what's your goal? You cannot install software on a Personal Environment, and I'm fairly sure you can't do it on a cloud Enterprise Environment either, so you wouldn't be able to install IdentityServer there.

Third, you can override both the Authentication and the Authorization part of OutSystems. Although replacing Authentication with your own mechanisms is fairly straightforward, doing so for Authorization is bypassing a lot of built-in functionality that you will need to implement all over again.

The Users app provides the default implementation of Authentication. You cannot modify this application (it's a system application) but you can clone it and modify the cloned one (let's say it is called MyUsers). Once this is done you need to make sure that your OutSystems applications use the MyUsers module as the User Provider (it's a property of the Module).

Out of the box, the authentication logic will check the credentials against the OutSystems' User data, if it cannot login then will try AD/LDAP if they are configured. In your case, you would need to modify it call any necessary API (whether it is via REST, SOAP Web Services or an Extension) to perform authentication against IdentityServer3 on another accessible endpoint.

You can use Integration Studio to create an Extension that is implemented in C# (new training course available here), and then use its Actions/Structures/Entities from Service Studio.