Wyn Enterprise: Configure Identity Server

This page describes how to configure the identity server for each type of identity server provider. Identity server providers handle authentication and authorization for the Wyn service.

Wyn Enterprise supports three types of identity server providers:

  • Server
  • Portal
  • External

The only difference between these providers is the location of the identity service. The sections below show how the identity server is configured for each provider.

Server

By default, the identity server is embedded in the Server module. To use this identity server provider:

  1. Set the IdentityServer:Provider to Server, and provide the identity server data storage information under the Server configuration node.
<IdentityServer>
  <Provider>Server</Provider>
  <StorageType>Postgres</StorageType>
  <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynis;</ConnectionString>
</IdentityServer>
  2. Enable the ShareCookie option under both the Server and Portal nodes so that Portal can consume the cookies generated by Server.
<Cookie>
  <ShareCookie>true</ShareCookie>
  <CookieName>wyn.sc</CookieName>
  <SameSite>Lax</SameSite>
  <DataProtectionKey>ifioEFEF8y8Fy3fp</DataProtectionKey>
  <Secure>false</Secure>
</Cookie>

Note: The CookieName and the DataProtectionKey in the Server node must be identical to those in the Portal node, and the Secure option should be true if you deploy Wyn over the HTTPS protocol.

  3. Provide the same configuration under the Portal configuration node to specify that Server will take over the identity-service-related transactions.
<IdentityServer>
  <Provider>Server</Provider>
</IdentityServer>
<Cookie>
  <ShareCookie>true</ShareCookie>
  <CookieName>wyn.sc</CookieName>
  <SameSite>Lax</SameSite>
  <DataProtectionKey>ifioEFEF8y8Fy3fp</DataProtectionKey>
  <Secure>false</Secure>
</Cookie>
  4. Set the identity server's URL to the server's URL.
<GlobalSettings>
  <IdentityServerUrl>http://localhost:51981</IdentityServerUrl>
</GlobalSettings>

Portal

As the name suggests, the identity server is embedded in the Portal module if you set the IdentityServer:Provider to Portal. To use this identity server provider:

  1. Set the IdentityServer:Provider option to Portal, and provide the data storage information under the Portal configuration node.
<IdentityServer>
  <Provider>Portal</Provider>
  <StorageType>Postgres</StorageType>
  <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynis;</ConnectionString>
</IdentityServer>
  2. Disable the ShareCookie option.
<Cookie>
  <ShareCookie>false</ShareCookie>
  <Secure>false</Secure>
</Cookie>

Note: You should set the Secure option to true if you deploy Wyn over the HTTPS protocol.

  3. Provide the same configuration under the Server configuration node to specify that Portal will take over the identity-service-related transactions.
<IdentityServer>
  <Provider>Portal</Provider>
</IdentityServer>
<Cookie>
  <ShareCookie>false</ShareCookie>
  <Secure>false</Secure>
</Cookie>
  4. Set the identity server's URL to the portal's URL.
<GlobalSettings>
  <IdentityServerUrl>http://localhost:51980</IdentityServerUrl>
</GlobalSettings>
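
The Server and Portal rules above (matching Provider values, ShareCookie on or off, identical CookieName and DataProtectionKey, Secure under HTTPS) can be checked mechanically before a deployment. The following is an added example, not code from this page or from Wyn Enterprise. The function name audit_wyn_conf, the root element name, the nesting of the Server, Portal and GlobalSettings nodes, and the use of the IdentityServerUrl scheme as the sign of an HTTPS deployment are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The root element name and the exact nesting of the
# Server/Portal/GlobalSettings nodes are assumptions; values are placeholders.
SAMPLE_CONF = """
<Configuration>
  <GlobalSettings><IdentityServerUrl>https://wyn.example.test</IdentityServerUrl></GlobalSettings>
  <Server>
    <IdentityServer><Provider>Server</Provider></IdentityServer>
    <Cookie><ShareCookie>true</ShareCookie><CookieName>wyn.sc</CookieName>
      <DataProtectionKey>PLACEHOLDER-KEY-A</DataProtectionKey><Secure>false</Secure></Cookie>
  </Server>
  <Portal>
    <IdentityServer><Provider>Server</Provider></IdentityServer>
    <Cookie><ShareCookie>true</ShareCookie><CookieName>wyn.sc</CookieName>
      <DataProtectionKey>PLACEHOLDER-KEY-B</DataProtectionKey><Secure>true</Secure></Cookie>
  </Portal>
</Configuration>
"""

def _text(node, path):  # stripped text at `path` under `node`, or '' if absent
    return (node.findtext(path) or "").strip() if node is not None else ""

def audit_wyn_conf(xml_text):
    """Return a list of findings for the Server/Portal rules stated on this page."""
    root = ET.fromstring(xml_text)
    nodes = {name: root.find(f".//{name}") for name in ("Server", "Portal")}
    findings = []
    providers = {n: _text(e, "IdentityServer/Provider").lower() for n, e in nodes.items()}
    if providers["Server"] != providers["Portal"]:
        findings.append("provider-mismatch")
    provider = providers["Server"]
    share = {n: _text(e, "Cookie/ShareCookie").lower() == "true" for n, e in nodes.items()}
    if provider == "server":
        if not all(share.values()):
            findings.append("sharecookie-must-be-true")
        for key in ("CookieName", "DataProtectionKey"):
            if _text(nodes["Server"], f"Cookie/{key}") != _text(nodes["Portal"], f"Cookie/{key}"):
                findings.append(f"{key}-differs")      # never print the key itself
    elif provider == "portal" and any(share.values()):
        findings.append("sharecookie-must-be-false")
    https = _text(root, ".//IdentityServerUrl").lower().startswith("https://")  # assumed HTTPS signal
    for name, elem in nodes.items():
        if https and _text(elem, "Cookie/Secure").lower() != "true":
            findings.append(f"{name}-cookie-not-secure")
    return findings

if __name__ == "__main__":
    print(audit_wyn_conf(SAMPLE_CONF))
```

The findings name the rule that failed and the node it failed in, without echoing the DataProtectionKey or any connection string into logs.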

External

You should deploy a standalone identity server when you set the identity server provider to External. This type of identity server provider cannot be configured in the configuration file "Wyn.conf" since our installer does not support installing a standalone identity server. Instead, this type of identity server provider should be configured in the "appsettings.json" file located in C:\Program Files\Wyn Enterprise\Portal\.

Server configuration

"IdentityServer":
{
  "Provider": "external", // available values: 'External', 'Server' and 'Portal'
  "Url": "http://localhost:5000",
},
"Cookie": {
  "ShareCookie": false,
  "Secure": false
}

Portal configuration

"IdentityServer":
{
  "Provider": "external", // available values: 'External', 'Server', 'Portal'
  "Url": "http://localhost:5000",
},
"Cookie": {
  "ShareCookie": false,
  "Secure": false
}

Identity server configuration

"IdentityServer": {
  "Url": "http://localhost:5000",
  "StorageType": "Postgres",
  "ConnectionString": "Host=localhost;Port=5432;Database=wynis;UserName=postgres;Password=postgres;"
}

Caution: The security providers should be placed in the following folder:
  • "C:\Program Files\Wyn Enterprise\Server\SecurityProviders" if the identity server provider is "Server".
  • "C:\Program Files\Wyn Enterprise\Portal\SecurityProviders" if the identity server provider is "Portal".