Different OAuth configurations for Angular Portals

I would like to setup Angular projects with different IDP configuration for OAuth 2.0 authentication so that we can enforce coarse grained authorisation at the IDP. It appears as though the configuration in One Identity applies at the /ApiServer/ level and therefore uses the same configuration for the user portal and the operations support portal.

Is it possible to have the user portal and the operations support portal using different OAuth configurations?

Top Replies

Hanno Bunjes 4 months ago in reply to craig rose +1 verified

Go to the web application's definition in Designer, and list the API projects in the XML:

<Config>
<ApiProject Name="portal" />
<ApiProject Name="opsupport" />…
Hanno Bunjes 3 months ago in reply to Niels de Groot +1 verified

Hi Niels de Groot

I guess we're talking about subtly different questions ..

This XML limits the API projects, which I believed was the direction of Craig's question. Looking at it now, we probably…

0 Hanno Bunjes 4 months ago

Hi Craig,

You can install 2 separate API Servers, each having a different IDP configuration.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 craig rose 4 months ago in reply to Hanno Bunjes

Thanks Hanno. Is there a way to configure both instances of the ApiServer installation with which projects should be available? i.e. only allow OpsPortal on ApiServer1 and only enable Web Portal on ApiServer2?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
+1 Hanno Bunjes 4 months ago in reply to craig rose

Go to the web application's definition in Designer, and list the API projects in the XML:

<Config>
<ApiProject Name="portal" />
<ApiProject Name="opsupport" />
</Config>
Cancel
Up +1 Down

Reply

Verify Answer

Reject Answer

Cancel
0 lucas1996clark 4 months ago in reply to Hanno Bunjes

Thank you, it worked. Please mark it as solution.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 leen boers 3 months ago in reply to Hanno Bunjes

Hi Hanno,

Could you please elaborate a little more about this solution? I cannot find where you are reference to in the Designer and where to place that XML code.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Niels de Groot 3 months ago in reply to Hanno Bunjes

Hanno Bunjes lucas1996clark

Same question as Leen.
I thought this is the way to configure put it in CustomConfiguration@QBMProduct

Base Data > Security settings > Programs > API Designer
Configuration data
<Config>
<ApiProject Name="portal" />
</Config>

But for me this has no effect on the loaded portals (9.2.1 and 9.3)

Thank you for your time.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
+1 Hanno Bunjes 3 months ago in reply to Niels de Groot

Hi Niels de Groot

I guess we're talking about subtly different questions ..

This XML limits the API projects, which I believed was the direction of Craig's question. Looking at it now, we probably mean the HTML5 applications (which are technically separate things from the APIs, although they are of course related).

The HTML5 apps cannot be limited per server at the moment.

If you want to allow only one, you can configure qer-app-portal as the starting application instead of qbm-app-landingpage. You could even block the URLs for the other apps on the server level for additional security.
Cancel
Up +1 Down

Reply

Reject Answer

Cancel