Security Provider - Import/Export

Vinyl supports both importing and exporting security provider configurations.

Import

To import a security provider, start by signing into Vinyl as an Administrator:

  1. Switch to the IDE
  2. Click the Security Providers button
  3. In the Configuration panel, expand the More menu and click Import Provider
  4. Provide the serialized security provider. See Format below.
  5. Click the Import button
  6. Click the View button to view and modify the security provider

Vinyl will assign a unique identifier to the security provider on import.

The new security provider will be disabled by default and will not appear on the login form. Review the imported configuration first, then enable it (and, if wanted, show it on the login form) through its registration settings.

Export

To export a security provider, start by signing into Vinyl as an Administrator:

  1. Switch to the IDE
  2. Click the Security Providers button
  3. Locate the security provider and click the Details icon (chevron)
  4. Expand the More menu and click Export Provider

This will display the serialized security provider configuration. Because Credential and Certificate entries carry plain-text passwords and encoded key material (see Types below), treat the exported document as a secret: remove or replace those values before storing it in source control or sharing it.

Format

The security provider configuration format takes the form of a JSON document.

The root element is an object of type Provider.

Example

{
  "name": "MyIdP",
  "type": "saml_sp",
  "audience": "https://example/Vinyl",
  "recipient": "https://example/Vinyl/signin-MyIdP",
  "settings": {},
  "groups": [],
  "claimTypes": [],
  "endpoints": [
    {
      "type": "metadata",
      "url": "https://example/saml/metadata"
    }
  ],
  "credentials": [],
  "certificates": []
}

Types

Provider

Name Type Description
name String Security provider name.
type ProviderType Security provider type.
authenticationType AuthenticationType Authentication type.
oauthGrantType OAuthGrantType OAuth grant type.
oauthClientAuthenticationType OAuthClientAuthenticationType OAuth client authentication type.
oauthResourceAuthenticationType OAuthResourceAuthenticationType OAuth resource authentication type.
tokenOwner TokenOwner Token owner.
subject String Token subject.
issuer String Token issuer.
audience String Token audience.
recipient String Token Recipient.
entityId String Token entity identifier.
identityProviderUrl String Identity Provider (IdP) URL.
endpoints Endpoint[] Array of endpoints.
credentials Credential[] Array of credentials.
certificates Certificate[] Array of certificates and keys.
settings Object Collection of key/value pairs where each key corresponds to a well-known parameter name. See the specific security provider's documentation for a list of supported parameters.
claimTypes ClaimType[] Array of claim types.
groups Group[] Array of security groups.
registration Registration Security provider registration.

Endpoint

Name Type Description
type EndpointType Endpoint type.
url String Endpoint URL.

Credential

Name Type Description
type CredentialType Credential type.
userName String User name.
password String Plain-text password.

Certificate

Name Type Description
usage CertificateUsage Certificate usage.
type CertificateType Certificate type.
format CertificateFormat Certificate format.
content String Encoded certificate or key.
password String Plain-text password.
thumbprint* String Certificate thumbprint.

ClaimType

Name Type Description
identifier String Claim type identifier, typically a URL or JSON key.
usage ClaimTypeUsage Claim type usage.
priority Number Claim type priority.
ignore Boolean Indicates whether the claim type should be ignored.

Group

Name Type Description
name String Group name.
identifier String Group identifier.
groupId Unique ID Vinyl security group identifier.
grantOnIdentityCreate Boolean Indicates whether identities should be added to the group when provisioned.

Registration

Name Type Description
enabled Boolean Enables the security provider.
priority Number Security provider ordinal position.
sealed Boolean Seals the security provider. INTERNAL USE ONLY.
redirectOnChallenge Boolean Bypasses the login form and redirects the client to the user authentication provider when challenged.
showOnLoginForm Boolean Displays the user authentication provider on the login form.
userProvisioning Boolean Enables provisioning for the user authentication provider.
matchExistingUser Boolean Allows the user provisioning process to map identities to existing users.
suppliesGroupMembership Boolean Indicates that the user authentication provider maintains security group membership.
storeClaims Boolean Indicates that Vinyl should store any claims received from the user authentication provider.
defaultAuthenticationProvider Boolean Indicates that Vinyl should make the user authentication provider the system's default user authentication provider.

Values

ProviderType

Value Description
active_directory Active Directory
adobe_pdf_services Adobe PDF Services
api_key API Key
app_auth Application Authentication
google_openid_connect Google Accounts / OpenID Connect
http_basic_auth HTTP Basic Authentication
http_client HTTP Client
iwa_ Integrated Windows Authentication
jwt_sso JWT SSO
local Local User
microsoft_openid_connect Microsoft / OpenID Connect
oauth2 OAuth 2.0
openid_connect OpenID Connect 1.0
provisioning User Provisioning
rewrite_url Rewrite URL
salesforce Salesforce
salesforce_openid_connect Salesforce / OpenID Connect
saml_idp SAML Identity Provider (IdP)
saml_sp SAML Service Provider (SP)
sap_odata_services SAP OData Services
successfactors_odata SuccessFactors OData
successfactors_password SuccessFactors Password
wam Web Access Management
ws_federation WS-Federation

AuthenticationType

Value Description
anonymous Anonymous
basic Basic
delegated_oauth2 Delegated OAuth [DEPRECATED]
oauth2 OAuth

Support varies by security provider.

OAuthGrantType

Value Description
authorization_code Authorization Code
client_credentials Client Credentials
password Resource Owner Password Credentials
refresh_token Refresh Token
urn:ietf:params:oauth:grant-type:jwt-bearer JWT Bearer Token
urn:ietf:params:oauth:grant-type:saml2-bearer SAML 2.0 Bearer Assertion

Support varies by security provider.

OAuthClientAuthenticationType

Value Description
none None
client_secret_basic Basic
client_secret_post Parameter

Support varies by security provider.

OAuthResourceAuthenticationType

Value Description
bearer Bearer
form_post Form
query Query

Support varies by security provider.

TokenOwner

Value Description
client Client system, i.e. Vinyl
user User

EndpointType

Value Description
acs Assertion Consumer Service
api API Endpoint
authorization Authorization Endpoint
issuer OpenID Connect Issuer
metadata Metadata Endpoint
relay_state RelayState URI
request_redirect Request Redirect Endpoint
sso Single Sign On Service
token Token Endpoint
user_info User Info Endpoint

Support varies by security provider.

CredentialType

Value Description
client OAuth client.
directory_reader Active Directory reader.
resource_owner OAuth resource owner.

Support varies by security provider.

CertificateUsage

Value Description
client Client Certificate
signature_validation Signature Validation
signing Signing

Support varies by security provider.

CertificateType

Value Description
rsa_private_key RSA Private Key
rsa_public_key Public Key
x509 X.509 Certificate
x509_private_key X.509 Certificate with Private Key

Support varies by security provider.

CertificateFormat

Value Description
certificate_store Certificate Store
pem PEM
pkcs12 PKCS#12 (PFX)

Support varies by security provider.

ClaimTypeUsage

Value Description
displayName Display name
emailAddress Email address
fullName Full name
group Security group
name Name
nameId Name identifier
none None
phoneNumber Phone number
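The script below is an added example, not part of Vinyl or this page. It takes a Provider document in the format described above, checks every enumerated field against the Values tables, reports the fields that hold plain-text passwords or private-key material, and produces a redacted copy that can be kept outside the secret store. The two sample documents, the directory_reader credential, the placeholder key content, the "<redacted>" marker, and the policy that name, type and https endpoint URLs must be present are this example's own assumptions; the page does not state which fields are mandatory.

```python
"""Check a Vinyl security provider document and redact its secrets.
Added example, not Vinyl's own code: SAMPLE_EXPORT/BAD_EXPORT are constructed,
the key content is a placeholder, and REDACTED is this script's convention."""
import copy
import json

# Enumerated values as listed in the Values section of this page.
ENUMS = {
    "ProviderType": {
        "active_directory", "adobe_pdf_services", "api_key", "app_auth",
        "google_openid_connect", "http_basic_auth", "http_client", "iwa_", "jwt_sso",
        "local", "microsoft_openid_connect", "oauth2", "openid_connect", "provisioning",
        "rewrite_url", "salesforce", "salesforce_openid_connect", "saml_idp", "saml_sp",
        "sap_odata_services", "successfactors_odata", "successfactors_password", "wam",
        "ws_federation"},
    "AuthenticationType": {"anonymous", "basic", "delegated_oauth2", "oauth2"},
    "OAuthGrantType": {
        "authorization_code", "client_credentials", "password", "refresh_token",
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "urn:ietf:params:oauth:grant-type:saml2-bearer"},
    "OAuthClientAuthenticationType": {"none", "client_secret_basic", "client_secret_post"},
    "OAuthResourceAuthenticationType": {"bearer", "form_post", "query"},
    "TokenOwner": {"client", "user"},
    "EndpointType": {"acs", "api", "authorization", "issuer", "metadata",
                     "relay_state", "request_redirect", "sso", "token", "user_info"},
    "CredentialType": {"client", "directory_reader", "resource_owner"},
    "CertificateUsage": {"client", "signature_validation", "signing"},
    "CertificateType": {"rsa_private_key", "rsa_public_key", "x509", "x509_private_key"},
    "CertificateFormat": {"certificate_store", "pem", "pkcs12"},
    "ClaimTypeUsage": {"displayName", "emailAddress", "fullName", "group",
                       "name", "nameId", "none", "phoneNumber"},
}
# Provider fields (and fields of each array element) whose value must be an enum member.
PROVIDER_ENUM_FIELDS = {
    "type": "ProviderType", "authenticationType": "AuthenticationType",
    "oauthGrantType": "OAuthGrantType", "tokenOwner": "TokenOwner",
    "oauthClientAuthenticationType": "OAuthClientAuthenticationType",
    "oauthResourceAuthenticationType": "OAuthResourceAuthenticationType"}
ARRAY_ENUM_FIELDS = {
    "endpoints": {"type": "EndpointType"}, "credentials": {"type": "CredentialType"},
    "certificates": {"usage": "CertificateUsage", "type": "CertificateType",
                     "format": "CertificateFormat"},
    "claimTypes": {"usage": "ClaimTypeUsage"}}
PRIVATE_KEY_TYPES = {"rsa_private_key", "x509_private_key"}
REDACTED = "<redacted>"


def validate_provider(doc):
    """Return a list of problems (empty when every check passes). Requiring
    'name' and 'type' and https endpoint URLs is this script's own policy."""
    if not isinstance(doc, dict):
        return ["root element must be a JSON object of type Provider"]
    problems = [f"missing required field {f!r}" for f in ("name", "type") if f not in doc]
    for field, enum in PROVIDER_ENUM_FIELDS.items():
        if field in doc and doc[field] not in ENUMS[enum]:
            problems.append(f"{field}: unknown {enum} value {doc[field]!r}")
    for field, checks in ARRAY_ENUM_FIELDS.items():
        for i, item in enumerate(doc.get(field, [])):
            for sub, enum in checks.items():
                if sub in item and item[sub] not in ENUMS[enum]:
                    problems.append(f"{field}[{i}].{sub}: unknown {enum} value {item[sub]!r}")
    for i, ep in enumerate(doc.get("endpoints", [])):
        if not str(ep.get("url", "")).startswith("https://"):
            problems.append(f"endpoints[{i}].url is not https: {ep.get('url')!r}")
    return problems


def find_secrets(doc):
    """Return paths of fields holding plain-text passwords or private-key material."""
    found = []
    for i, cred in enumerate(doc.get("credentials", [])):
        if cred.get("password"):
            found.append(f"credentials[{i}].password")
    for i, cert in enumerate(doc.get("certificates", [])):
        if cert.get("password"):
            found.append(f"certificates[{i}].password")
        if cert.get("type") in PRIVATE_KEY_TYPES and cert.get("content"):
            found.append(f"certificates[{i}].content")
    return found


def redact_provider(doc):
    """Return a deep copy with every field reported by find_secrets() replaced."""
    out = copy.deepcopy(doc)
    for path in find_secrets(out):           # e.g. "certificates[0].content"
        field, rest = path.split("[", 1)
        index, key = rest.split("].", 1)
        out[field][int(index)][key] = REDACTED
    return out


# Constructed from the page's example plus a directory credential and a signing key.
SAMPLE_EXPORT = {
    "name": "MyIdP", "type": "saml_sp", "audience": "https://example/Vinyl",
    "recipient": "https://example/Vinyl/signin-MyIdP", "settings": {}, "groups": [],
    "claimTypes": [{"identifier": "email", "usage": "emailAddress", "priority": 1, "ignore": False}],
    "endpoints": [{"type": "metadata", "url": "https://example/saml/metadata"}],
    "credentials": [{"type": "directory_reader", "userName": "svc-vinyl", "password": "hunter2"}],
    "certificates": [{"usage": "signing", "type": "rsa_private_key", "format": "pem",
                      "content": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----"}],
    "registration": {"enabled": False, "showOnLoginForm": False}}
# Constructed to trip three checks: unknown ProviderType, unknown EndpointType, http URL.
BAD_EXPORT = {"name": "Broken", "type": "saml",
              "endpoints": [{"type": "metdata", "url": "http://example/saml/metadata"}]}

if __name__ == "__main__":
    print("problems:", validate_provider(SAMPLE_EXPORT) or "none")
    print("secrets:", find_secrets(SAMPLE_EXPORT))
    print(json.dumps(redact_provider(SAMPLE_EXPORT), indent=2))
```

Run validate_provider over an export before importing it into another environment (an unknown enum value or a typo in an endpoint type is cheaper to catch here than after the provider is enabled), and keep only the redact_provider output anywhere outside the secret store; the unredacted original still contains the password and key material exactly as exported.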