Access Control
Security concept
Since version 2.5 Security can be configured for the server and per application separately. Using different user base per application and for admin console access enables easy multi-tenant deployments.
To set up security for the server, use the "Configuration" page in admin console. Application security is part of application's config screen.
Both server and application security use the same configuration options.
First, select the security module from the list of built-in modules.
Available modules
| Module | Description | Public |
|---|---|---|
| INHERITED | Application does not define its own security, but shares security context with server instead. This module is not available on the server. | ☑ |
| NONE | Enables anonymous access to application. No login is required. | ☑ |
| EMBEDDED | Users, passwords and roles are defined directly in webswing.config configuration file. | ☑ |
| PROPERTY_FILE | Users, passwords and roles are defined in the property file. | ☒ |
| DATABASE | Users are stored in database. The library with JDBC driver has to be specified in security module's class path. Database connection details has to be defined. | ☒ |
| OPENID_CONNECT | Single-sign-on using OpenID Connect protocol. | ☒ |
| SAML2 | Single-sign-on using SAML2 protocol. | ☒ |
| KEYCLOAK | Keycloak authentication server integration module. | ☒ |
| Custom module | The custom security module can be created and fully-qualified class name defined. | ☒ |
Advanced security modules are distributed through Webswing Client Portal and are available only to Webswing Customers.
Configuration
Keycloak vs OIDC
OIDC security module, can integrate directly with Keycloak and with other providers, like Okta, Active Directory, Azure. Using the Keycloak module requires definition of the providers as realms in Keycloak.
Keycloak integration is an extension of the OIDC module that allows the setup of multiple realms to be used as identity providers. When user logs-in realm is selected as a url parameter ?realm=master
This is useful in specific use cases where users are forwarded to webswing from different sources or if administrators and users are defined in different places, this way they can be united in one security module.
OpenID Connect with OKTA Configuration
SAML2 with Onelogin
In case you need help with security setup, contact support@webswing.org