This page explains how to configure Delegated Authentication with Kiuwan, also known as Centralized Authentication. In this setup, Kiuwan delegates user authentication to an external system.
The process involves the following steps:
-
Log in to Kiuwan
Instead of accessing www.kiuwan.com, log in through a custom URL within your domain, such as http://www.yourdomain.com/kiuwan or http://kiuwan.yourdomain.com -
User identification
Your authentication service application receives the login request and delegates the authentication process to an external system, like Active Directory, LDAP, or another identity provider. -
Redirect to kiuwan.com with a token
- Once the external system successfully authenticates the user, the authentication service application generates a JWT. This token includes the encrypted username, using a secret key that you configure in your Kiuwan account settings.
- The authentication service redirects the user's browser to kiuwan.com, passing along the JWT token.
-
Authentication Request
Kiuwan verifies the token and grants the user access to the requested resources.
Kiuwan provides a sample authentication service application to help you get started kiuwan/kiuwan-local-authentication). This sample uses Tomcat (tomcat-users.xml) for authentication, but can be adapted to work with any external authentication system. You can find details on how to set it up here.