Oracle® Communications WebRTC Session Controller System Administrator's Guide Release 7.0 E40973-01 |
|
|
PDF · Mobi · ePub |
This chapter describes WebRTC Session Controller authentication schemes and the steps to configure them.
Before WebRTC Session Controller can process any signaling traffic, you must configure an authentication scheme.
WebRTC Session Controller provides out of the box support for these authentication schemes:
Guest authentication
This scheme allows anonymous guest access to WebRTC Session Controller.
HTTP authentication
This provider sends a HTTP GET request to a remote HTTP endpoint (for instance, a Representational State Transformation (REST) endpoint) using HTTP BASIC authentication headers. A return code of 200 indications that authentication was successful.
OAuth 2.0 authentication
This authentication scheme lets you leverage OAuth 2.0 authentication support provided by companies such as Facebook or Google, and lets WebRTC Session Controller retrieve user information such as an email address, with the consent of that user.
The following sections describe the configuration steps for each of those authentication schemes.
To provision guest access for WebRTC Session Controller, you must configure settings in the WebLogic Administration Console and then define a new WebRTC Session Controller application in the WebRTC Session Controller console.
To configure the WebLogic Server guest access provider:
Start your Signaling Engine servers if they are not already running. See Oracle Communications WebRTC Session Controller Installation Guide for more information.
Navigate to the WebLogic Server Administration Console and log in with your administrator user name and password:
http://host:port/console
where host is the name of your WebRTC Session Controller server and port is the Administration Console access port.
Note:
The default Administration Console port is 7001.In the Domain Structure pane, select Security Realms.
Click myrealm in the Realms table.
Click the Providers tab and then click New.
Enter a name in the Name text box, in the Type drop down list, select WscServletAuthenticator, and click OK.
Click the newly created authentication provider in the list of Authentication Providers, and click the Provider Specific tab.
Make a note of the Guest Uri Match Pattern. The default is /ws/webrtc/guest.
Navigate back to the myrealm Providers tab, and in the list of Authentication Providers, click DefaultAuthenticator.
Select the Common tab, choose OPTIONAL in the Control Flag drop down list, and click Save.
Log out of the WebLogic administration interface.
Continue to "Configuring the WebRTC Session Controller Guest Access Application".
For more details on WebRTC Session Controller application configuration options, see the discussion on creating applications in Oracle Communications WebRTC Session Controller Extension Developer's Guide.To configure the WebRTC Session Controller guest access application:
Navigate to the WebRTC Session Controller console and log in with your administrator user name and password:
http://host:port/wsc-console
where host is the name of your WebRTC Session Controller server and port is the Administration Console access port.
Note:
The default Signaling Engine console port is 7001.Select the Applications tab.
Click Lock and Edit.
Click Create.
Enter a name for the application in Create Application and click OK.
In the Request URI text box, enter the URI that you noted in "Configuring the WebLogic Server Guest Access Provider". The default value is /ws/webrtc/guest.
Enter guest for the Security Group.
Enter * for Allowed Domains, or customize as your deployment requires.
Choose call, message_notification, and register for the Packages.
Click Commit.
Restart WebRTC Session Controller.
To provision HTTP access for WebRTC Session Controller, you must configure settings in the WebLogic Administration Console and then define a new WebRTC Session Controller application in the WebRTC Session Controller console.
In addition you must have your own HTTP endpoint defined to handle authentication requests.
To configure the WebLogic Server HTTP access provider:
Start your Signaling Engine servers if they are not already running. See Oracle Communications WebRTC Session Controller Installation Guide for more information.
Navigate to the WebLogic Server Administration Console and log in with your administrator user name and password:
http://host:port/console
where host is the name of your WebRTC Session Controller server and port is the Administration Console access port.
Note:
The default Administration Console port is 7001.In the Domain Structure pane, select Security Realms.
Click myrealm in the Realms table.
Click the Providers tab and then click New.
Enter a name in the Name text box, in the Type drop down list, select WscRestAuthenticator, and click OK.
Click the newly created authentication provider in the list of Authentication Providers, and click the Provider Specific tab.
Enter a Group name to associate a group with authentication requests rather than individual user names. Make a note of this group name.
To enable authentication over http, check Allow Http. By default, only https is allowed.
Enter your REST endpoint in the Rest End Point Uri text box and click Save.
Log out of the WebLogic administration interface.
Continue to "Configuring the WebRTC Session Controller HTTP Access Application".
For more details on WebRTC Session Controller application configuration options, see the discussion on creating applications in Oracle Communications WebRTC Session Controller Extension Developer's Guide.
To configure the WebRTC Session Controller HTTP access application:
Navigate to the WebRTC Session Controller console and log in with your administrator user name and password:
http://host:port/wsc-console
where host is the name of your WebRTC Session Controller server and port is the Administration Console access port.
Note:
The default Signaling Engine console port is 7001.Select the Applications tab.
Click Lock and Edit.
Click Create.
In Create Application, enter a name for the application.
Click OK.
In the Request URI text box, enter the URI endpoint that you want WebRTC applications to use to access WebRTC Session Controller.
Enter the group name you defined in "Configuring the WebLogic Server HTTP Authentication Provider" for the Security Group.
Click the pencil icon under Allowed Domains.
In the Allowed Domains window, enter * to allow all domains, or customize as your deployment requires.
Click OK.
Click the pencil icon under Packages.
In the Packages window, select the call, message_notification, and register packages and move them to Selected Packages.
Click OK.
Click Commit.
To provision OAuth access for WebRTC Session Controller, you must configure settings in the WebLogic Administration Console and then define a new WebRTC Session Controller application in the WebRTC Session Controller console.
In addition you must procure a developer's account from the provider from whom you want to leverage OAuth authentication services and obtain the following information:
The OAuth service provider's OAuth user information URI
An OAuth client ID supplied to you by the OAuth service provider
The service provider's OAuth server URI
Your OAuth client secret, defined when you create your account with your OAuth service provider
To configure the WebLogic Server REST access provider:
Start your Signaling Engine servers if they are not already running. See Oracle Communications WebRTC Session Controller Installation Guide for more information.
Navigate to the WebLogic Server Administration Console and log in with your administrator user name and password:
http://host:port/console
where host is the name of your WebRTC Session Controller server and port is the Administration Console access port.
Note:
The default Administration Console port is 7001.In the Domain Structure pane, select Security Realms.
Click myrealm in the Realms table.
Click the Providers tab and then click New.
Enter a name in the Name text box, in the Type drop down list, select WscServletAuthenticator, and click OK.
The console creates the new provider and returns to the Authentication Providers table.
Note:
The WscServletAuthenticator must be deployed to enable OAuth security authentication, but it does not need to be further configured.Click New.
Enter a name in the Name text box, in the Type drop down list, select WscOAuthIdentityAsserter, and click OK.
Click the newly created authentication provider in the list of Authentication Providers.
Assign an access token to the provider in Active Types and click Save.
If you are provisioning multiple OAuth authentication sources, for example, Facebook, Google, and Microsoft, you should select a different OAuth token for each in the Active Types list.
WARNING:
The user interface will let you select multiple OAuth tokens for a single provider. Only select a single token for each OAuth provider you provision.
Select the Provider Specific tab and enter the following information as described in Table 4-1.
Table 4-1 OAuth Provider Specific Attributes
Attribute Name | Attribute Description |
---|---|
Group Name |
Required. A group name used to associate a group with authentication requests. Specifying a group name allows both the user name and group name to be available in the authenticated subject. Make a note of this group name. |
OAuth User Info Uri |
Required. The OAuth providers URI that provides user information. |
Proxy Port |
Optional. The proxy port used to connect to the OAuth server. |
OAuth Client ID |
Required. The OAuth client ID provided to you by your OAuth service provider. |
OAuth Server Uri |
Required. The URI of your OAuth service provider's OAuth server which issues access tokens. |
OAuth Redirect Uri |
Optional. The URI to which the browser is re-directed after successful authentication by the OAuth provider. |
OAuth Client Secret |
Required. The OAuth client secret provided to you by your OAuth provider. |
Proxy Server |
Optional. The proxy URI used to connect to the OAuth server. |
Click Save.
Log out of the WebLogic administration interface.
Continue to "Configuring the WebRTC Session Controller OAuth Access Application".
For more details on WebRTC Session Controller application configuration options, see the discussion on creating applications in Oracle Communications WebRTC Session Controller Extension Developer's Guide.
To configure the WebRTC Session Controller OAuth access application:
Navigate to the WebRTC Session Controller console and log in with your administrator user name and password:
http://host:port/wsc-console
where host is the name of your WebRTC Session Controller server and port is the Administration Console access port.
Note:
The default Signaling Engine console port is 7001.Select the Applications tab.
Click Lock and Edit.
Click Create.
Enter a name for the application in Create Application and click OK.
In the Description text box, enter a description for your applicaiton.
In the Request URI text box, enter the URI endpoint that you want WebRTC applications to use to access WebRTC Session Controller.
In the Security Group text box, enter the group name you defined in "Configuring the WebLogic Server OAuth Access Provider".
Click the pencil icon under Allowed Domains.
In the Allowed Domains window, enter * to allow all domains, or customize as your deployment requires.
Click OK.
Click the pencil icon under Packages.
In the Packages window, select the call, message_notification, and register packages and move them to Selected Packages.
Click OK.
Click Commit.
Restart WebRTC Session Controller.