Authentication profile

The global authentication profile contains Relativity authentication providers. You can use authentication providers to configure the specific settings for a login protocol. For example, you can add the password provider to your environment to set minimum and maximum password length, password history settings, and more. Some protocols have multiple configuration options, while others have very few. You can have one instance of a Provider in the environment for Password, Integrated Authentication, Active Directory, RSA, and Client Certificate.

You can programmatically interact with authentication providers using the IAuthProfileManager interface. You can also use the Auth Profile Manager REST service for cross-platform and browser-based applications.

This page contains the following information:

See these related pages:

Authentication profile fundamentals

Before programmatically interacting with authentication providers, familiarize yourself with the Relativity authentication provider user interface and review the information in the RelativityOne Documentation site. Note there is a strong correlation between the API operations and object properties and the user interface elements.

Use these guidelines when working with authentication providers:

Get the global profile

To read the global profile, call the GetGlobalProfileAsync() method of the IAuthProfileManager interface:

Relativity.Services.Security.Models.AuthProfile globalProfile = await client.GetGlobalProfileAsync();

Example

To update the global profile:

  1. Call the GetGlobalProfileAsync() method of the IAuthProfileManager interface.
    Relativity.Services.Security.Models.AuthProfile globalProfile = await client.GetGlobalProfileAsync();
  2. Make any updates required to the profile by setting the properties of individual authentication providers.
    globalProfile.Password = new Relativity.Services.Security.Models.PasswordProvider()
    {
        //Required
        AdditionalWorkFactor = 2,
        AllowEmailPasswordRecovery = true,
        IsEnabled = true,
        MaximumInvalidLoginAttempts = 11,
        MaximumPasswordAgeInDaysDefaultValue = 30,
        MaximumPasswordHistory = 5,
        MaximumPasswordLength = 25,
        MinimumPasswordLength = 8,
        Name = "My Password Provider",
        PasswordRecoveryRequestLimit = 10,
        UsersCanChangePasswordDefaultValue = true
    };
  3. Finally, call the SaveProfileAsync method of the IAuthProfileManager interface to complete the update.
    Relativity.Services.Security.Models.AuthProfile globalProfile = await client.GetGlobalProfileAsync();
    //Make some Updates...
    await client.SaveProfileAsync(globalProfile);

The SAML2Provider object Issuer property is a String type.

var provider = new SAML2Provider()
{
    Name = "Example provider",
    Description = "example",
    IsEnabled = true,
    Issuer = "https://example.issuer.com/",
    Audience = "example",
    RedirectUri = new Uri("https://example.redirect.com/"),
    Certificate = CERT_STRING,
};

Auth Profile Manager REST service

The Auth Profile Manager service allows you to interact with authentication provider from browser-based and cross-platform applications. The service provides the same set of operations as the IAuthProfileManager .NET interface - get and update the global profile.

Get the global profile

To get the global profile, send a POST request to the following Auth Profile Manager service URL:

<host>/Relativity.REST/api/Relativity.Services.Security.ISecurityModule/Auth Profile Manager/GetGlobalProfileAsync

Sample JSON response:

{
  "Id": 1,
  "SiteUri": "http://localhost/relativity",
  "IsGlobal": true,
  "Description": "Global Authentication Profile",
  "Password": {
    "Name": "My Password Provider",
    "IsEnabled": true,
    "MinimumPasswordLength": 8,
    "MaximumPasswordLength": 25,
    "MaximumPasswordAgeInDaysDefaultValue": 30,
    "UsersCanChangePasswordDefaultValue": true,
    "AllowEmailPasswordRecovery": true,
    "PasswordRecoveryRequestLimit": 10,
    "MaximumPasswordHistory": 5,
    "MaximumInvalidLoginAttempts": 11,
    "AdditionalWorkFactor": 2
  },
  "IntegratedAuthentication": {
    "Name": "My Integrated Authentication Provider",
    "IsEnabled": true
  },
  "ActiveDirectory": {
    "Name": "My Active Directory Provider",
    "IsEnabled": true
  },
  "ClientCertificate": {
    "Name": "My Client Certificate Provider",
    "Description": "",
    "IsEnabled": true,
    "DisplayOnLoginPage": true,
    "Caption": "Click here to login with your smart card"
  },
  "RSA": {
    "Name": "My RSA Provider",
    "IsEnabled": true
  },
  "OpenIdConnectProviders": [
    {
      "Name": "Azure Active Directory Provider",
      "Description": "",
      "IsEnabled": true,
      "DisplayOnLoginPage": true,
      "Caption": "Click here to login with Azure Active Directory",
      "ClientId": "e511dffc-9ef8-4a11-9cb3-4c28c9270dbd",
      "Authority": "https://login.microsoftonline.com/8a3fa923-3223-4978-9d4d-fa012e19898b/",
      "Flow": "Implicit",
      "RedirectUri": "http://localhost:80/relativity/Identity/74AB5F274283F263EC774F1B9089A73F4B13F323",
      "SubjectClaimType": "oid",
      "Scopes" : "openid email"
    }
  ],
  "SAML2Providers": [
    {
      "Name": "Okta",
      "Description": "",
      "IsEnabled": true,
      "Issuer": "http://www.okta.com/exk6fmz3wwrKgKTIQ0h7",
      "Audience": "DevBoxText",
      "RedirectUri": "http://localhost:80/relativity/Identity/F27EDA0D1A028B5A7760FB5460241F288961C50D",
      "Certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIGAUsUVd/yMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxDjAMBgNVBAMMBWtjdXJhMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE1MDEyMzAxMDgwN1oXDTQ1MDEyMzAxMDkwN1owgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEOMAwGA1UEAwwFa2N1cmExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNfXqI5by9TIULmt9cEaLomnlDjgqqbgOflgzT7yz9koJEtEb67n+5h4ZeFocghHcXlchGRAPSdEqHV4aAiR/7kX0EG5hac4alBWGAmF4gwz79bzATssCEaTSMyaa2JvRRSWltuGFDv9r5HznZwb6IGwGOxK7SWCGn8Wy2iMpneQJbbJVgk53yuHjO5kfAwVM2cMiY3seib1l2A6xYbWzoan2726Lefcs53EvnGOqnBl1xGvkxHo/GSYBG7eDpgUBhssy+nB8/v5qQnb2hc3yV+X8o6fVcaykHnmuywXt/j6J1Y1O/YBThjhV/jDw+LRbguwVYbrhrF4AHMeF9HB/9AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAF1xHSmkNWTlWQpx8zJemyWzBJX12XBSa86ZoSCUu61PVfF13yg6dg1mW3EY7WrOkDggi2bujqFZKGa5vvLlQNkyGhr+2PQ9BykYFduSZWUHvV+v4oxNVzdHs+/h06PURK+hwtnssQyvONlc3Qr79eHHpIlZWcV5ZIjMFDJQQ9q4rqc6F8mULUrFf83pJ/286XcMC+jaAkkxdhIeR0Isia+zgUgc4kHiH+NTMND29sp4IdOFKu7bteH5NiWfD+PAG1RX3pjVHRXUZiUHuIZHQidy3HYY0lkA2vYz6+6u/+UZWLsoL0lJeomS+LVQ/mcK9mnT/H8zmJmJz+mkcfSyu6k=-----END CERTIFICATE-----"
    }
  ]
}

Update the global profile

To update the global profile, send a POST request to this Auth Manager service URL:

<host>/Relativity.REST/api/Relativity.Services.Security.ISecurityModule/Auth Profile Manager/SaveProfileAsync

The following is a sample JSON request payload for updating the global profile with each provider type:

{
  "profile": {
    "Id": 1,
    "SiteUri": "http://localhost/relativity",
    "IsGlobal": true,
    "Description": "Global Authentication Profile",
    "Password": {
      "Name": "My Password Provider",
      "IsEnabled": true,
      "MinimumPasswordLength": 8,
      "MaximumPasswordLength": 25,
      "MaximumPasswordAgeInDaysDefaultValue": 30,
      "UsersCanChangePasswordDefaultValue": true,
      "AllowEmailPasswordRecovery": true,
      "PasswordRecoveryRequestLimit": 10,
      "MaximumPasswordHistory": 5,
      "MaximumInvalidLoginAttempts": 11,
      "AdditionalWorkFactor": 2
    },
    "IntegratedAuthentication": {
      "Name": "My Integrated Authentication Provider",
      "IsEnabled": true
    },
    "ActiveDirectory": {
      "Name": "My Active Directory Provider",
      "IsEnabled": true
    },
    "ClientCertificate": {
      "Name": "My Client Certificate Provider",
      "Description": "",
      "IsEnabled": true,
      "DisplayOnLoginPage": true,
      "Caption": "Click here to login with your smart card"
    },
    "RSA": {
      "Name": "My RSA Provider",
      "IsEnabled": true
    },
    "OpenIdConnectProviders": [
      {
        "Name": "Azure Active Directory Provider",
        "Description": "",
        "IsEnabled": true,
        "DisplayOnLoginPage": true,
        "Caption": "Click here to login with Azure Active Directory",
        "ClientId": "e511dffc-9ef8-4a11-9cb3-4c28c9270dbd",
        "Authority": "https://login.microsoftonline.com/8a3fa923-3223-4978-9d4d-fa012e19898b/",
        "Flow": "Implicit",
        "RedirectUri": "http://localhost:80/relativity/Identity/74AB5F274283F263EC774F1B9089A73F4B13F323",
        "SubjectClaimType": "oid",
        "Scopes" : "openid email"
      }
    ],
    "SAML2Providers": [
      {
        "Name": "Okta",
        "Description": "",
        "IsEnabled": true,
        "Issuer": "http://www.okta.com/exk6fmz3wwrKgKTIQ0h7",
        "Audience": "DevBoxText",
        "RedirectUri": "http://localhost:80/relativity/Identity/F27EDA0D1A028B5A7760FB5460241F288961C50D",
        "Certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIGAUsUVd/yMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxDjAMBgNVBAMMBWtjdXJhMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE1MDEyMzAxMDgwN1oXDTQ1MDEyMzAxMDkwN1owgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEOMAwGA1UEAwwFa2N1cmExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNfXqI5by9TIULmt9cEaLomnlDjgqqbgOflgzT7yz9koJEtEb67n+5h4ZeFocghHcXlchGRAPSdEqHV4aAiR/7kX0EG5hac4alBWGAmF4gwz79bzATssCEaTSMyaa2JvRRSWltuGFDv9r5HznZwb6IGwGOxK7SWCGn8Wy2iMpneQJbbJVgk53yuHjO5kfAwVM2cMiY3seib1l2A6xYbWzoan2726Lefcs53EvnGOqnBl1xGvkxHo/GSYBG7eDpgUBhssy+nB8/v5qQnb2hc3yV+X8o6fVcaykHnmuywXt/j6J1Y1O/YBThjhV/jDw+LRbguwVYbrhrF4AHMeF9HB/9AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAF1xHSmkNWTlWQpx8zJemyWzBJX12XBSa86ZoSCUu61PVfF13yg6dg1mW3EY7WrOkDggi2bujqFZKGa5vvLlQNkyGhr+2PQ9BykYFduSZWUHvV+v4oxNVzdHs+/h06PURK+hwtnssQyvONlc3Qr79eHHpIlZWcV5ZIjMFDJQQ9q4rqc6F8mULUrFf83pJ/286XcMC+jaAkkxdhIeR0Isia+zgUgc4kHiH+NTMND29sp4IdOFKu7bteH5NiWfD+PAG1RX3pjVHRXUZiUHuIZHQidy3HYY0lkA2vYz6+6u/+UZWLsoL0lJeomS+LVQ/mcK9mnT/H8zmJmJz+mkcfSyu6k=-----END CERTIFICATE-----"
      }
    ]
  }
}

Community Updates

Aero Developer FAQ Evolving the Platform Most recent release notes
Learn more Learn more Learn more

Additional Resources

   
Access Third-Party Tools with GitHub     Create .NET Apps Faster with NuGet
Visit github     visit nuget