Logo

    Home

    Documentation

    Use Cases

    Training

    Applications

    Release Notes

    Secureable Single Tenant Self-managed

    Secureable Single Tenant Self-managed

    • Installation
    • Setup the Build.One Screen Login configured
    • Environment Variables
    • LDAPS Setup
    • OIDC Setup
    • Setup on the Secureable instance
    • Setup on Azure AD
    • Operating Build.One locally (no Gitpod, no Portainer)
    • Documentation

    Installation

    Setup the Build.One Screen Login configured

    • Default Build.one login remains also known as local login of the users like axadmin configured in the Build.One backend

    To enable alternative Login you can configure this per environment, the login screen to support multiple options is akioma.login.ts checking on getAllowedAuthentication based on environment variables.

    The possible values for allowed authentication: AkiomaUser,ActiveDirectory,AzureActiveDirectory,AppDirect,Secureable

    Environment Variables

    Edit in: src/backend/env.local

    In order to use secureable as an authentication source, several environment variables will be needed to be set before the pasoe server is started. These are

    PASOE_LOGIN_MODEL=oauth2

    ALLOWED_AUTHENTICATION=Secureable

    AUTHENTICATION_URI=https://<secureable_url>

    LDAPS Setup

    In order to use LDAPS for authentication, an authentication provider will need to be set up. In order to do this, an admin user will need to log into secureable (admin@securable, password is showm on system initialization)

    Providers->LDAP / Active Directory New Enter service name, description. Domain is the pasoe domain to create the client-principle for customer will have to supply the Url, binddn, userdn and password as appropriate for their system Save

    A user can now login as <username>@<domain> and will be authenticated by secureable in swat.

    OIDC Setup

    To support your existing AD login, allows for SSO and enable control against who can authenticate against your Build.One application.

    OIDC Azure Login the Login enables an additional login option through Azure, see experience similar as to https://secureable.build.one/signin where clicking on the Azure logo allows you to login.

    Setup on the Secureable instance

    image
    image

    Setup on Azure AD

    image

    Setup on Secureable on Build.One app

    Operating Build.One locally (no Gitpod, no Portainer)

    If customer is not using Build.One containers, also one needs to modify the oeablSecurity.properties file. As this is a client file, we can only supply a sample that they will have to adjust their file to match

    Some of these changes include

    client.login.model=${PASOE_LOGIN_MODEL}
jwtToken.keystore.jwkurl=${AUTHENTICATION_URI}/v1/identity/oidc/.well-known/keys
oauth2.resSvc.tokenServices=oauth2
oauth2.resSvc.audience=jdT9AiVGsnNf5kOXuwqMTNEVJ0
oauth2.resSvc.realmName=oeoauth

    Other changes may be needed - but that depends on customer configuration.

    Please Sample oeablSecurity.properties for a sample file from Build.One.

    Customer will also have to modify the oeablSecurityJWT.csv file to match their API paths with the security models they need.

    Please see Sample oeablSecurityJWT.csv file for a sample file from from Build.One stack.

    Documentation

    To find more information, you can check the following documentation.

    Security-HubSecurity-Hub

    Back to Use CasesUse Cases

    Back to Home Page

    Logo