External authentication

  • On this page

Introduction

External authentication is perfect when you have an existing user database in another system. You can then configure Weavy to use your already existing user database for authentication.

Prerequisites 

In order to configure external authentication the following things are required:

  • You have an existing user database.
  • You can implement and add an API endpoint (https) that Weavy can call for authentication.

Configuration 

The following settings are required for Weavy to use external authentication.

Web server 

The Weavy website in IIS must be configured with the following settings:

Anonymous Authentication = Enabled
Forms Authentication = Disabled
Windows Authentication = Disabled

Web.config 

The web.config file should have the following configuration:

<appSettings>


<add key="weavy.authentication-endpoint" value="https://www.example.com/authenticate" />


</appSettings>


...


<system.web>


<authentication mode="None" />


</system.web>

The weavy.authentication-endpoint should point to an url that implements the external authentication specification as described below.

Your authentication enpoint must use the https:// protocol, otherwise you will receive a configuration error.

Authentication Endpoint 

With an authentication endpoint configured, Weavy will POST the username and password to the endpoint when a user submits the sign in form.

POST https://www.example.com/authenticate HTTP/1.1


Content-Length: 35


Content-type: application/x-www-form-urlencoded


 


username=username&password=password

Example authentication request that Weavy will send to your authentication endpoint

Your api endpoint should authenticate the user and send back a status 200 OK with a valid JWT. The JWT should have the same claims as required when using SSO with the client SDK.

HTTP/1.1 200 OK


Content-Type: text/plain; charset=utf-8


Content-Length: 171


 


eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJXZWF2eSIsInN1YiI6MSwiZXhwIjoxNTkwNTcyOTAwLCJlbWFpbCI6Im5hbWVAZXhhbXBsZS5jb20ifQ.ugkvnb6i9u_tZf1FxJ-ULO8XA2M9WmhZDwMS-XkWHJ0

Example reponse from authentication endpoint.

If the user was not found or unauthorized, the api should return corresponding status codes, i.e. 404 Not Found or 401 Unauthorized.

Single Sign-On 

It's recommended to combine external authentication with SSO in the client SDK. This provides a way for users to seamlessly get signed in into Weavy as long as they are signed in to your application.
© 2022 Weavy. All rights reserved.