Custom Authentication
The conventional authentication mechanism in our platform authenticates users in one of three ways: against credentials maintained in the User tab, through Active Directory (for Professional or Enterprise edition), or through Single Sign-In via OpenID Connect.
With the Enterprise Edition, you have the additional option of providing an entirely customized way of authenticating users. This is specified in a script that is provided in the Configuration tab.
There are at least two useful things that can be done with the authentication script:
- Authenticating the user through a third party system, for example an HR system.
- Letting users sign themselves up. This will be discussed in the next section.
This script, written in the WorkflowFirst DbfScript language, is given a variable #input that contains both the username and the password. Its job is to validate the user by verifying the password, ensuring they have a record in the Users tab, and setting up any necessary roles such as Wiki Manager. It then returns the user record that it added, which the system uses to establish an authenticated session.
This script is run both when the user logs in and then periodically to check that the session is still valid.
The DbfScript language is designed to be easy to read and understand, as it has a limited syntax and generally correlates directly to the way our platform works.
There is plenty of support in DbfScript for contacting external services, including contacting databases using ODBC or REST APIs.
In this section we will go over the basics of how the script works, and provide a sample script for letting users sign themselves up.