Authorization and authentication
IDE Services offers support for the OAuth 2.0 and SAML protocols for identity management and Single Sign-On (SSO.)
To learn how to configure OAuth 2.0, refer to the following topics:
Authorization via a custom layer
IDE Services allows you to handle authorization outside the IDE Services Server using a custom layer. For example, if you use a specific solution inside your company's network to authenticate and authorize requests. You can configure all IDE Services components to communicate with this custom layer. In this scenario, users won't need to log in to the Web UI, the Toolbox App, and IDEs explicitly, the custom layer will handle authentication and authorization automatically.
For the no-login setup, you need to configure each IDE Services component separately. The Web UI will detect the login details automatically once the IDE Services Server is configured.
IDE Services Server
For seamless authentication, you need to provide JSON Web Key Sets (JWKS) on the IDE Services Server side. These sets of keys are required to verify JSON Web Tokens (JWT) issued by the authorization server.
You will still need to specify the details of your OAuth 2.0 provider in the application.yaml file for proper functioning of the IDE Services Server. However, it will use them as a stub and authorization requests will be handled on the custom layer side.
The Toolbox App and IDEs
To support authorization, you need to either patch the original machine-config.json or replace the file with a new one automatically (see Set up IDE Services on developer machines). In the machine-config.json file, specify the following parameter:
The Toolbox App will use the provided value and will never ask for explicit login.