Authentication profile

Global authentication profile contains Relativity authentication providers. Authentication providers allow you to configure the specific settings for a login protocol. For example, you can add the password provider to your environment which allows you to set minimum and maximum password length, password history settings, and more. Some protocols have multiple configuration options, while others have very few. You can have one instance of a Provider in the environment for Password, Integrated Authentication, Active Directory, RSA, and Client Certificate.

You can programmatically interact with authentication providers using the IAuthProfileManager interface. You can also use the Auth Profile Manager REST service for cross-platform and browser-based applications.

This page contains the following information:

See these related pages:

Authentication profile fundamentals

Before programmatically interacting with authentication providers, familiarize yourself with the Relativity authentication provider user interface and review the information in the Relativity Documentation site. Note there is a strong correlation between the API operations and object properties and the user interface elements.

Use these guidelines when working with authentication providers:

  • To access the IAuthProfileManager interface, add the Relativity.Services.Interfaces.dll reference to your Visual Studio project. The file can be found in the Relativity SDK. For more information, see Set up your development environment.
  • The user must have the permissions required for working with Relativity authentication providers.
  • You can interact with the providers through the global authentication profile. The profile is the collection of all the providers in the environment.
  • There can only be one provider instance of the following provider types: Password, RSA, Active Direct, Integrated and, Client Certificate. Creating a new provider instance of these types will override the previous.

Get the global profile

To read the global profile, call the GetGlobalProfileAsync() method of the IAuthProfileManager interface:

  Relativity.Services.Security.Models.AuthProfile globalProfile = await client.GetGlobalProfileAsync();

Example

To update the global profile:

  1. Call the GetGlobalProfileAsync() method of the IAuthProfileManager interface.
      Relativity.Services.Security.Models.AuthProfile globalProfile = await client.GetGlobalProfileAsync();
  2. Make any updates required to the profile by setting the properties of individual authentication providers.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    globalProfile.Password = new Relativity.Services.Security.Models.PasswordProvider()
    {
        //Required
        AdditionalWorkFactor = 2,
        AllowEmailPasswordRecovery = true,
        IsEnabled = true,
        MaximumInvalidLoginAttempts = 11,
        MaximumPasswordAgeInDaysDefaultValue = 30,
        MaximumPasswordHistory = 5,
        MaximumPasswordLength = 25,
        MinimumPasswordLength = 8,
        Name = "My Password Provider",
        PasswordRecoveryRequestLimit = 10,
        UsersCanChangePasswordDefaultValue = true
    };
  3. Finally, call the SaveProfileAsync method of the IAuthProfileManager interface to complete the update.
    1
    2
    3
    Relativity.Services.Security.Models.AuthProfile globalProfile = await client.GetGlobalProfileAsync();
    //Make some Updates...
    await client.SaveProfileAsync(globalProfile);

The SAML2Provider object Issuer property is a String type.

1
2
3
4
5
6
7
8
9
10
var provider = new SAML2Provider()
{
    Name = "Example provider",
    Description = "example",
    IsEnabled = true,
    Issuer = "https://example.issuer.com/",
    Audience = "example",
    RedirectUri = new Uri("https://example.redirect.com/"),
    Certificate = CERT_STRING,
};

Auth Profile Manager REST service

The Auth Profile Manager service allows you to interact with authentication provider from browser-based and cross-platform applications. The service provides the same set of operations as the IAuthProfileManager .NET interface - get and update the global profile.

Get the global profile

To get the global profile, send a POST request to the following Auth Profile Manager service URL:

  <host>/Relativity.REST/api/Relativity.Services.Security.ISecurityModule/Auth Profile Manager/GetGlobalProfileAsync

Sample JSON response:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
{
  "Id": 1,
  "SiteUri": "http://localhost/relativity",
  "IsGlobal": true,
  "Description": "Global Authentication Profile",
  "Password": {
    "Name": "My Password Provider",
    "IsEnabled": true,
    "MinimumPasswordLength": 8,
    "MaximumPasswordLength": 25,
    "MaximumPasswordAgeInDaysDefaultValue": 30,
    "UsersCanChangePasswordDefaultValue": true,
    "AllowEmailPasswordRecovery": true,
    "PasswordRecoveryRequestLimit": 10,
    "MaximumPasswordHistory": 5,
    "MaximumInvalidLoginAttempts": 11,
    "AdditionalWorkFactor": 2
  },
  "IntegratedAuthentication": {
    "Name": "My Integrated Authentication Provider",
    "IsEnabled": true
  },
  "ActiveDirectory": {
    "Name": "My Active Directory Provider",
    "IsEnabled": true
  },
  "ClientCertificate": {
    "Name": "My Client Certificate Provider",
    "Description": "",
    "IsEnabled": true,
    "DisplayOnLoginPage": true,
    "Caption": "Click here to login with your smart card"
  },
  "RSA": {
    "Name": "My RSA Provider",
    "IsEnabled": true
  },
  "OpenIdConnectProviders": [
    {
      "Name": "Azure Active Directory Provider",
      "Description": "",
      "IsEnabled": true,
      "DisplayOnLoginPage": true,
      "Caption": "Click here to login with Azure Active Directory",
      "ClientId": "e511dffc-9ef8-4a11-9cb3-4c28c9270dbd",
      "Authority": "https://login.microsoftonline.com/8a3fa923-3223-4978-9d4d-fa012e19898b/",
      "Flow": "Implicit",
      "RedirectUri": "http://localhost:80/relativity/Identity/74AB5F274283F263EC774F1B9089A73F4B13F323",
      "SubjectClaimType": "oid",
      "Scopes" : "openid email"
    }
  ],
  "SAML2Providers": [
    {
      "Name": "Okta",
      "Description": "",
      "IsEnabled": true,
      "Issuer": "http://www.okta.com/exk6fmz3wwrKgKTIQ0h7",
      "Audience": "DevBoxText",
      "RedirectUri": "http://localhost:80/relativity/Identity/F27EDA0D1A028B5A7760FB5460241F288961C50D",
      "Certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIGAUsUVd/yMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxDjAMBgNVBAMMBWtjdXJhMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE1MDEyMzAxMDgwN1oXDTQ1MDEyMzAxMDkwN1owgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEOMAwGA1UEAwwFa2N1cmExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNfXqI5by9TIULmt9cEaLomnlDjgqqbgOflgzT7yz9koJEtEb67n+5h4ZeFocghHcXlchGRAPSdEqHV4aAiR/7kX0EG5hac4alBWGAmF4gwz79bzATssCEaTSMyaa2JvRRSWltuGFDv9r5HznZwb6IGwGOxK7SWCGn8Wy2iMpneQJbbJVgk53yuHjO5kfAwVM2cMiY3seib1l2A6xYbWzoan2726Lefcs53EvnGOqnBl1xGvkxHo/GSYBG7eDpgUBhssy+nB8/v5qQnb2hc3yV+X8o6fVcaykHnmuywXt/j6J1Y1O/YBThjhV/jDw+LRbguwVYbrhrF4AHMeF9HB/9AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAF1xHSmkNWTlWQpx8zJemyWzBJX12XBSa86ZoSCUu61PVfF13yg6dg1mW3EY7WrOkDggi2bujqFZKGa5vvLlQNkyGhr+2PQ9BykYFduSZWUHvV+v4oxNVzdHs+/h06PURK+hwtnssQyvONlc3Qr79eHHpIlZWcV5ZIjMFDJQQ9q4rqc6F8mULUrFf83pJ/286XcMC+jaAkkxdhIeR0Isia+zgUgc4kHiH+NTMND29sp4IdOFKu7bteH5NiWfD+PAG1RX3pjVHRXUZiUHuIZHQidy3HYY0lkA2vYz6+6u/+UZWLsoL0lJeomS+LVQ/mcK9mnT/H8zmJmJz+mkcfSyu6k=-----END CERTIFICATE-----"
    }
  ]
}

Update the global profile

To update the global profile, send a POST request to this Auth Manager service URL:

  <host>/Relativity.REST/api/Relativity.Services.Security.ISecurityModule/Auth Profile Manager/SaveProfileAsync

The following is a sample JSON request payload for updating the global profile with each provider type:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
  "profile": {
    "Id": 1,
    "SiteUri": "http://localhost/relativity",
    "IsGlobal": true,
    "Description": "Global Authentication Profile",
    "Password": {
      "Name": "My Password Provider",
      "IsEnabled": true,
      "MinimumPasswordLength": 8,
      "MaximumPasswordLength": 25,
      "MaximumPasswordAgeInDaysDefaultValue": 30,
      "UsersCanChangePasswordDefaultValue": true,
      "AllowEmailPasswordRecovery": true,
      "PasswordRecoveryRequestLimit": 10,
      "MaximumPasswordHistory": 5,
      "MaximumInvalidLoginAttempts": 11,
      "AdditionalWorkFactor": 2
    },
    "IntegratedAuthentication": {
      "Name": "My Integrated Authentication Provider",
      "IsEnabled": true
    },
    "ActiveDirectory": {
      "Name": "My Active Directory Provider",
      "IsEnabled": true
    },
    "ClientCertificate": {
      "Name": "My Client Certificate Provider",
      "Description": "",
      "IsEnabled": true,
      "DisplayOnLoginPage": true,
      "Caption": "Click here to login with your smart card"
    },
    "RSA": {
      "Name": "My RSA Provider",
      "IsEnabled": true
    },
    "OpenIdConnectProviders": [
      {
        "Name": "Azure Active Directory Provider",
        "Description": "",
        "IsEnabled": true,
        "DisplayOnLoginPage": true,
        "Caption": "Click here to login with Azure Active Directory",
        "ClientId": "e511dffc-9ef8-4a11-9cb3-4c28c9270dbd",
        "Authority": "https://login.microsoftonline.com/8a3fa923-3223-4978-9d4d-fa012e19898b/",
        "Flow": "Implicit",
        "RedirectUri": "http://localhost:80/relativity/Identity/74AB5F274283F263EC774F1B9089A73F4B13F323",
        "SubjectClaimType": "oid",
        "Scopes" : "openid email"
      }
    ],
    "SAML2Providers": [
      {
        "Name": "Okta",
        "Description": "",
        "IsEnabled": true,
        "Issuer": "http://www.okta.com/exk6fmz3wwrKgKTIQ0h7",
        "Audience": "DevBoxText",
        "RedirectUri": "http://localhost:80/relativity/Identity/F27EDA0D1A028B5A7760FB5460241F288961C50D",
        "Certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIGAUsUVd/yMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxDjAMBgNVBAMMBWtjdXJhMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE1MDEyMzAxMDgwN1oXDTQ1MDEyMzAxMDkwN1owgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEOMAwGA1UEAwwFa2N1cmExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNfXqI5by9TIULmt9cEaLomnlDjgqqbgOflgzT7yz9koJEtEb67n+5h4ZeFocghHcXlchGRAPSdEqHV4aAiR/7kX0EG5hac4alBWGAmF4gwz79bzATssCEaTSMyaa2JvRRSWltuGFDv9r5HznZwb6IGwGOxK7SWCGn8Wy2iMpneQJbbJVgk53yuHjO5kfAwVM2cMiY3seib1l2A6xYbWzoan2726Lefcs53EvnGOqnBl1xGvkxHo/GSYBG7eDpgUBhssy+nB8/v5qQnb2hc3yV+X8o6fVcaykHnmuywXt/j6J1Y1O/YBThjhV/jDw+LRbguwVYbrhrF4AHMeF9HB/9AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAF1xHSmkNWTlWQpx8zJemyWzBJX12XBSa86ZoSCUu61PVfF13yg6dg1mW3EY7WrOkDggi2bujqFZKGa5vvLlQNkyGhr+2PQ9BykYFduSZWUHvV+v4oxNVzdHs+/h06PURK+hwtnssQyvONlc3Qr79eHHpIlZWcV5ZIjMFDJQQ9q4rqc6F8mULUrFf83pJ/286XcMC+jaAkkxdhIeR0Isia+zgUgc4kHiH+NTMND29sp4IdOFKu7bteH5NiWfD+PAG1RX3pjVHRXUZiUHuIZHQidy3HYY0lkA2vYz6+6u/+UZWLsoL0lJeomS+LVQ/mcK9mnT/H8zmJmJz+mkcfSyu6k=-----END CERTIFICATE-----"
      }
    ]
  }
}