I have an unusal case where I need to authenticate users in a legacy system. I have already written the extension to do so, but would like to wrap the whole thing in my own version of the "Users" eSpace. This is because most of the logic for the authentication will need to be done in Actions, and there are a number of supporting Entities. All of this is likely to be used in several eSpaces.

Is there a guide (that I've been unable to find) or a list of requirements for Authentication Providers?
If not, can someone point me in the right direction?

Hi Richard

I don't think there's a document with detailed information on how to use other Authentication Providers. What exactly do you need to know to implement your user provider espace?


Miguel Simões João
I've been unsure what all has to be done to make sure it works properly.

At this stage, I think that it is actually a lot simpler than I thought.
1. Make sure you provide a way to create users.
2. Make sure the eSpace is marked as a provider.
3. Somewhere in the logic of the eSpace make sure you call one of the System Login actions.
4. Possibly provide for the Logout action.

Is this all? Or am I missing something?

Hi Richard

That's pretty much it.

Here a few other basic reminders:
- The Login action should be called on the Login page, which can be on your new user provider espace or not.
- If you need your users to access applications other then your new user provider espace, you need to configure them to use your new user provider as "User Provider" (under the espace properties in Service Studio).
- If your applications have roles, then you'll also require a Role Management backoffice, so you can assign roles to users, just like the User's espace.

You're basically using the Single Sign-On feature of the Agile Platform.


Miguel Simões João

Thanks Miguel, those extra items are mostly obvious. I'm only concerned about the Role management. Roles themselves have actions which I assume maipulate the appropriate entities. However, is it safe to manipulate these manually, in cases where not all roles are exposed to the backoffice?

Thanks again. R
Hi Richard

No, it's not safe nor recommended. You should use the Roles built-in actions to grant, revoke and check roles.


Miguel Simões João
Good. I guessed as much. I'm pretty much done with writing my authentication provider and it seems to be working fine. Thanks for the help. R