Date: Fri, 29 Mar 2024 00:14:34 +0000 (UTC) Message-ID: <979581876.94.1711671274103@node2041-mqi-confluence.web.inetsolutions.cloud> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_93_2125011093.1711671274102" ------=_Part_93_2125011093.1711671274102 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
If you wish, you can set up the same translate5 instance on diff= erent domains and configure for different clients different domains and dif= ferent OpenID servers.
The main domain, under which translate5 runs, is configured in the syste= m configuration under the id runtimeOptions.server.name
By default it is associated to the translate5 client "defaultcustomer" a= nd it is also used for all other clients, users and logins.
Yet, it is possible to run one and the same translate5 instance under mu= ltiple different domains and associate different clients to different domai= ns.
If you want to do this, you have to enter the domain you want to use for= the client in the field "translate5 domain" in the tab "General" of a clie= nt in the client management of translate5. In addition you have to create a= n Apache vhost for this domain, that points to the same document_root as th= e main translate5 domain of your instance.
If you have done this and a user accesses translate5 via the domain asso= ciated to a client,
This way it is possible to use different OpenID IPDs with different clie= nts in the same translate5 instance.
Alternatively, you can use one= OpenID IDP and map users to different clients via a custom field of your I= DP.
To configure translate5 to work with OpenId connect is very simple. Navi= gate to the clients tab in your translate5 instance, and under the OpenId s= ub-tab there are OpenId configuration fields that need to be set.
Fill in the fields with the data as explained below. How to obtain the d= ata of the OpenId Connect server is explained by the Google example further= below.
translate5 domain (in the General tab of the edited client):&nbs= p; the used translate5 instance url/domain. (Google configur= ation example: translate5.net). = Note: do not define the domain with protocol included. Valid definiti= on will be translate5.net, test.translate5.net, translate5.net . = Invalid: http://translate5.net
For more information on how the translate5 domain is used and why it is = important, ple= ase see above.
All other fields exist in the OpenId tab of the edited client)= strong>
OpenId server: OpenId authentication server url. This i= s the URL translate5 redirects users for authentication at the OpenId conne= ct server (Google configuration example: h= ttps://accounts.google.com)
OpenId issuer: OpenId issuer url. In many cases this ur= l is identical with the OPenId server url.
OpenId user name: OpenId authentication server username=
(Google configuration example: "Cl=
ient ID" see image3)
(the user name that allows the openId client application to connect to the =
API of the openId server; do NOT mix this up with the username of the user,=
that wants to authenticate!)
OpenId password: OpenId authentication server password&=
nbsp;(Google configuration example: "Client secret" see image3)
(the password that allows the openId client application to connect to the A=
PI of the openId server; do NOT mix this up with the password of the user, =
that wants to authenticate!)
OpenId OAuth URL: OpenId authentication server OAuth ur=
l. This is the URL translate5 uses in the background to do the server to se=
rver authentication mechanism (Google configuration example:
System Roles: translate5 internal user system roles.
Link text on login page: Label text on the login = page of translate5. A click on it redirects the user to the configured open= id server for authentication, instead of using translate5 for authenticatio= n. If the checbox "Do not show login page" below the field "Link text on lo= gin page" is checked, the user will directly be redirected to the openid se= rver for authentication/authorization and will never see the translate5 log= in page.
Checkbox "Do not show login page: Automatically redirect to Open= ID Connect server": Redirect directly to the SSO authentication pr= ovider.
If a user authenticates, the following steps are done:
By default to what a client a user belongs to, that authenticates via SS= O is defined b= y the URL he/she uses to access translate5.
Yet, you can also configure one OpenID IDP together with translate5, so = that one IDP can authenticate users for different clients within translate5= .
To do this: