• Installation
• Setup the Build.One Screen Login configured
• Environment Variables
• LDAPS Setup
• OIDC Setup
• Setup on the Secureable instance
• Setup on Azure AD
• Operating Build.One locally (no Gitpod, no Portainer)
• Documentation

Installation

Setup the Build.One Screen Login configured

• Default Build.one login remains also known as local login of the users like axadmin configured in the Build.One backend

To enable alternative Login you can configure this per environment, the login screen to support multiple options is akioma.login.ts checking on getAllowedAuthentication based on environment variables.

The possible values for allowed authentication: AkiomaUser,ActiveDirectory,AzureActiveDirectory,AppDirect,Secureable

Environment Variables

Edit in: src/backend/env.local

In order to use secureable as an authentication source, several environment variables will be needed to be set before the pasoe server is started. These are

PASOE_LOGIN_MODEL=oauth2

ALLOWED_AUTHENTICATION=Secureable

AUTHENTICATION_URI=https://<secureable_url>

LDAPS Setup

In order to use LDAPS for authentication, an authentication provider will need to be set up. In order to do this, an admin user will need to log into secureable (admin@securable, password is showm on system initialization)

Providers->LDAP / Active Directory New Enter service name, description. Domain is the pasoe domain to create the client-principle for customer will have to supply the Url, binddn, userdn and password as appropriate for their system Save

A user can now login as <username>@<domain> and will be authenticated by secureable in swat.

OIDC Setup

To support your existing AD login, allows for SSO and enable control against who can authenticate against your Build.One application.

OIDC Azure Login the Login enables an additional login option through Azure, see experience similar as to https://secureable.build.one/signin where clicking on the Azure logo allows you to login.

Setup on the Secureable instance

Setup on Azure AD

Setup on Secureable on Build.One app

Operating Build.One locally (no Gitpod, no Portainer)

If customer is not using Build.One containers, also one needs to modify the oeablSecurity.properties file. As this is a client file, we can only supply a sample that they will have to adjust their file to match

Some of these changes include

client.login.model=${PASOE_LOGIN_MODEL}
jwtToken.keystore.jwkurl=${AUTHENTICATION_URI}/v1/identity/oidc/.well-known/keys
oauth2.resSvc.tokenServices=oauth2
oauth2.resSvc.audience=jdT9AiVGsnNf5kOXuwqMTNEVJ0
oauth2.resSvc.realmName=oeoauth

Other changes may be needed - but that depends on customer configuration.

Please Sample oeablSecurity.properties for a sample file from Build.One.

Customer will also have to modify the oeablSecurityJWT.csv file to match their API paths with the security models they need.

Please see Sample oeablSecurityJWT.csv file for a sample file from from Build.One stack.

Documentation

To find more information, you can check the following documentation.

Security-Hub (Formerly known as secureable)

Back to Use Cases

Back to Home Page