From SSO to Internal - Fluid Topics

From SSO to Internal - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system

Debian

Category

Reference Guides

Audience

public

Version

3.7

It is possible to migrate user information from an SSO authentication realm to an internal authentication realm as follows:

In the conf.json configuration file, add the "overridesUserFromRealm" property in the chosen "realms" parameter of the "authentication" object as in the following example:

{
  "ui": {
    "authentication": {
      "realms": [
        {
          "type": "internal",
          "name": "our-users"
          "configuration": {
            "overridesUserFromRealm": "google-auth"
          }
        },
        {
          "type": "google",
          "name": "google-auth",
          "configuration": {
            "key": "1234567890.apps.googleusercontent.com",
            "secret": "jlhkjfyiu7-654GV-JG65ghf"
          }
        }
      ]
    }
  }
}

In this example, the "our-users" realm will retrieve user information from the "google-auth" realm the next time the user signs in. So, if the "google-auth" database contains a profile with the "myname@gmail.com" account, and the authentication is configured as described above, when the user with the "myname@gmail.com" account signs in for the first time through the internal realm, all previous data from the SSO realm will be reassociated to this newly created "our-users" profile. If no user is found with the matching email address, a new user will simply be created.

For internal realms, the override only takes effect if the following criteria is met:

The new user is created by an ADMIN in the Manage users administration interface.
The registration is in VERIFIED mode, and the new user has activated their account.

The override does not take effect if registration is OPEN.

The static and root realms do not support this feature. If used, the "overridesUserFromRealm" configuration parameter will be ignored.