...
This section provides insight into the OAuth protocol and how to use it for hotelkit together with user synchronization.
...
Scenario
The partner acts as an identity provider in a Single Sign-On scenario implemented with OAuth 2.0. The partner provides an authorization server against which hotelkit authenticates its users.
...
Setup of partner – configuration of authentication details
Login process
Creating user
Updating user
Deleting user
Setup of Partner
In the initial phase, hotelkit defines the partner as the identity provider. As a result, the partner is granted all the needed functionality. Every other aspect of the configuration can be done and changed by the partner. However, to ensure the best integration, the initial configuration should be done in cooperation with hotelkit staff.
The configuration is done via the PUT /setup/partner endpoint. The authorization server, the client_id that identifies hotelkit on that server, and the configuration of deactivated functionality within hotelkit itself are set here. The configuration of the functionality in particular should be discussed with hotelkit beforehand.
Detailed information about each attribute can be found in the endpoint description.
...
Login process
The user handling (creating/updating/deleting users) is part of User Synchronization and User Synchronisation for Multi-property Cases.
Login Process
One of the main benefits of Single Sign-On is that the user does not need to authenticate separately but can authenticate at the identity provider. The login process at hotelkit with an authorization server, based on “RFC 6749 – The OAuth 2.0 Authorization Framework”, is presented:
...
A more detailed description of how to create users is available in “User Synchronization”.
The process starts when an unidentified user (resource owner) requests a resource from hotelkit. Hotelkit (client) identifies the identity provider and returns the URL of the corresponding authorization server (partner). This URL must be set prior to the request at partner.sso.authorizationServer.
The user is forwarded to the authorization server, where they authenticate against the identity provider. The identity provider responds with an authToken. Hotelkit then validates this authToken at the identity provider and receives the user attributes in return.
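The login exchange described above, modelled in Python with both roles, as an added example (not hotelkit's or the partner's code). The in-memory identity provider, the class and method names, the `state` check and the single-use token are assumptions based on RFC 6749; only `authorizationServer`, `client_id` and `authToken` come from this page.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values; only the key names authorizationServer and client_id come from the page.
CONFIG = {"authorizationServer": "https://idp.partner.example/authorize",
          "client_id": "hotelkit-demo"}

class IdentityProvider:
    """In-memory stand-in for the partner's authorization server (hypothetical)."""
    def __init__(self, client_id):
        self.client_id = client_id
        self._issued = {}  # authToken -> user attributes

    def authenticate(self, redirect_url, user_attributes):
        query = parse_qs(urlparse(redirect_url).query)
        if query.get("client_id") != [self.client_id]:
            raise PermissionError("unknown client_id")
        token = secrets.token_urlsafe(32)
        self._issued[token] = user_attributes
        # state is echoed back unchanged, as RFC 6749 requires
        return {"authToken": token, "state": query["state"][0]}

    def validate(self, token):
        # Assumption: a token is accepted once, like an RFC 6749 authorization code
        return self._issued.pop(token, None)

class Client:
    """Hypothetical model of the client (hotelkit) role, not hotelkit's code."""
    def __init__(self, config, idp):
        self.config, self.idp = config, idp
        self._pending = set()  # state values of logins in progress

    def start_login(self):
        state = secrets.token_urlsafe(16)
        self._pending.add(state)
        params = {"response_type": "code",  # assumption: authorization code grant
                  "client_id": self.config["client_id"], "state": state}
        return self.config["authorizationServer"] + "?" + urlencode(params)

    def finish_login(self, response):
        state = response.get("state")
        if state not in self._pending:
            raise PermissionError("state does not match a pending login")
        self._pending.discard(state)
        attributes = self.idp.validate(response.get("authToken"))
        if attributes is None:
            raise PermissionError("authToken rejected by identity provider")
        return attributes
```

The client only accepts a response whose `state` belongs to a login it started, and it takes user attributes only from the identity provider's validation result, never from the redirect itself.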
...