How to Delegate OnBase Entrust

Katsuhito_Inoue
Champ in-the-making

We are currently using "Single Sign-On for OnBase Entrust" to create an application that references the customer's employee database and performs authentication.

 

The legacy Single Sign-On module reached end of life on December 31, 2022, so we are looking for alternatives. During the authentication process, please refer to the customer's employee DB and tell me how authentication can assign privileges.

 

3 REPLIES 3

AdamShaneHyland
Employee

Hi @Katsuhito Inoue ,

 

This is by no means a recommendation, but SimpleSAML is an open-source, out-of-the-box SAML app built on PHP which can query a database and authenticate via SAML. Since the Hyland IDP supports SAML, it is an option to authenticate users.

 

https://simplesamlphp.org/

 

Best wishes.

Katsuhito_Inoue
Champ in-the-making

Thank you for the information.
I understand that the internal processing of the SAML server is to refer to the customer's employee DB to issue the authentication protocol for SAML.
As an embedded adapter in the OAuth2.0 authentication server, I imagine that it could also reference the employee DB of the customer.
However, we expect it to be more cumbersome and expensive than "OnBase Entrust" because customers will need to build an authentication server for OnBase only.
I thought there was a way to generate and redirect the SessionID of the AppNet/login.aspx parameter in a front application like "OnBase Entrust."

 

Hi @Katsuhito Inoue ,

 

With the end of life of the Integration for Single Sign-On and in particular OnBase Entrust, the use of the tool will no longer be available. Therefore, an alternate solution must be investigated.

 

Something to keep in mind is that there is a difference between authentication and authorization. Authentication validates that the user is who they say they are, and authorization is the assigning of permissions. OnBase Entrust never performed authorization. It only passed the authenticated user, allowing OnBase to perform the authorization and grant permissions based on user group assignment. In fact, OnBase Entrust worked on the assumption that the user was already authenticated via a third-party application that is passing the user to OnBase.

 

As an embedded adapter in the OAuth2.0 authentication server, I imagine that it could also reference the employee DB of the customer.


However, we expect it to be more cumbersome and expensive than "OnBase Entrust" because customers will need to build an authentication server for OnBase only.

 

OnBase will need to authenticate the user in some way. There is no mechanism to accept an already authenticated user like with OnBase Entrust. There are plans for future investigation into this feature, but it is not currently available. Further, the Hyland IDP will require the user to authenticate; however, it does not require authorization (e.g. you can disable User Provisioning, which will only authenticate the user against the third-party identity provider).

 

I thought there was a way to generate and redirect the SessionID of the AppNet/login.aspx parameter in a front application like "OnBase Entrust."

 

I'm not aware of how you would do this. Regardless, for it to work would require a user's SessionID, which is generated from the OnBase Application Server based on an authenticated user successfully logging in to OnBase.

 

Take care.