Regular Web App
Regular Web Apps are traditional web apps that run on the server, for example Java or ASP.NET.
Follow the procedure below to create a Regular Web App:
1. Go to Administrator dashboard -> Apps -> “App Settings”.
2. Click the “Create New App” button.
3. Enter the app name and click “Regular Web App”.
4. Click the “Create App” button. The app details screen is displayed.
This is where all the basic information about your application such as app name, app type, redirect URLs, allowed logout URLs, website, logo, company details, etc. are entered.
5. Enter App name, for example: SampleEshop - ASP.NET, JAVA, Nodejs (your business name).
6. Enter App logo URL, for example: This logo will appear in several areas, including the list of applications in the Dashboard, as well as things like customized consent forms.
7. The administrator can change the App type from Android Mobile App to any other app type (iOS Mobile App, Windows Mobile App and Single Page WebApp).
9. Click the hyperlink to import scopes from scope groups, as in the screen below. For more information, refer to Scope Groups.
10. Select the hosted page group from the drop-down. For more information, refer to Hosted Pages.
11. Enter the redirect URL: the URL of the landing page. Once the user is successfully authenticated, they are redirected to this URL. The user can specify multiple valid URLs here, separated by whitespace (typically to handle different environments such as QA or testing).
12. Enter the Allowed Logout URL. The user can specify multiple valid URLs here.
Enter company details here.
13. Company Name: Stores the company name, which is displayed while using this app.
14. Company Address: Stores the company address, which is displayed while using this app.
15. Website URL: The URL of the business site.
16. Terms and Conditions URL: If the Terms URL is configured, the link is rendered automatically on the Login/Register pages.
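An added example (not cidaas code) for the whitespace-separated redirect URL field in step 11: a pre-flight check of the value before it is pasted into the dashboard, plus the exact-match comparison recommended for OAuth redirect URIs. The function names, the rejection rules, the `http://localhost` allowance and the sample URLs are assumptions made for illustration.

```javascript
// Split the whitespace-separated field value and flag risky entries.
function lintRedirectUrls(fieldValue) {
  const accepted = [];
  const rejected = [];
  for (const raw of fieldValue.split(/\s+/).filter(Boolean)) {
    if (raw.includes('*')) { rejected.push([raw, 'wildcard']); continue; }
    let u;
    try {
      u = new URL(raw);
    } catch {
      rejected.push([raw, 'not an absolute URL']);
      continue;
    }
    // Assumption: plain http is tolerated only for local development.
    const local = u.hostname === 'localhost' || u.hostname === '127.0.0.1';
    if (u.protocol !== 'https:' && !(u.protocol === 'http:' && local)) {
      rejected.push([raw, 'not https']);
    } else if (u.hash) {
      rejected.push([raw, 'contains a fragment']);
    } else if (u.username || u.password) {
      rejected.push([raw, 'embedded credentials']);
    } else {
      accepted.push(raw);
    }
  }
  return { accepted, rejected };
}

// Exact string comparison: no prefix, substring or host-only matching.
function isRegisteredRedirect(redirectUri, accepted) {
  return accepted.includes(redirectUri);
}

// Constructed sample value for the redirect URL field (production, QA, local).
const SAMPLE_FIELD = [
  'https://shop.example.com/callback',
  'https://qa.shop.example.com/callback',
  'http://localhost:3000/callback',
  'http://shop.example.com/callback',
  'https://*.example.com/callback',
  'https://shop.example.com/callback#frag',
  '/callback',
].join(' ');

const report = lintRedirectUrls(SAMPLE_FIELD);
console.log(report.accepted, report.rejected);
```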
In addition to the above, cidaas allows you to configure a few options for OAuth, token payloads and social login providers.
These settings should be configured to define OAuth response types and origins.
1. Click the “Show Advanced Settings” hyperlink. The screen below is displayed.
2. From the drop-down, select the response types checkboxes (multiple checkboxes can be selected).
3. From the drop-down, select the grant types checkboxes (multiple checkboxes can be selected).
4. Enter the allowed origins and allowed web origins.
5. From the drop-down, select the Additional Access Token Fields checkboxes (multiple checkboxes can be selected).
You can upload or define the content policy that you would like to show to your end users. There may be multiple policies that you want to show based on context.
cidaas provides a Consent Management framework that allows for this, including a feature to maintain multiple versions of the same policy.
By default, cidaas has a standard template that is displayed to your end users.
6. From the drop-down, select the created consent group, as in the screen below.
You can manage security settings such as allowed providers, required fields and configure 2FA settings here.
7. From the drop-down, select the allowed providers checkboxes (multiple checkboxes can be selected).
8. From the drop-down, select the required fields checkboxes (multiple checkboxes can be selected).
9. Always ask for 2FA: When this option is enabled at the app level, end users are required to verify their identity using the second authentication factor.
For more information, refer to Always ask for 2FA.
10. Click the “Save” button.
Refer to the advanced settings table below:
App-level access can be set by selecting appropriate roles and groups. For example, the App can be assigned roles such as SECONDARY_ADMIN, USER or GROUP_ADMIN.
11. Select the appropriate roles from the drop-down.
12. Select the appropriate cidaas Administrator role from the drop-down.
13. Select the appropriate groups from the drop-down, as in the screen below.
14. Click the "Save" button. A message window pops up with "Apps Saved Successfully".
The JWE (JSON Web Encryption) specification standardizes the way to represent encrypted content in a JSON-based data structure.
15. Enable JWE and click the “Save” button.
JSON Web Tokens (JWT) are used to secure the information exchange between the users and the application. To provide more security for the access token, a public and private key are defined.
Using an RSA asymmetric key pair, the JWT is signed with the private key and verified with the public key.
Public Key: key in PEM format, which is used to encrypt token content.
Private Key: key in PEM format, which is used to decode the encrypted token content.
16. Once the appropriate App is created, the certificates (public and private keys) are displayed as in the screen below.
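The sign-with-private, verify-with-public statement above, as an added Node.js example that is not cidaas code: it signs a JWT with RS256 and shows the checks a receiving app makes before trusting the claims (algorithm pinned, signature valid, token not expired). The key pair is generated in the example and the claims and function names are constructed; a real app would load the PEM keys shown in its app settings.

```javascript
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign with the private key: RS256 = RSASSA-PKCS1-v1_5 with SHA-256.
function signJwt(claims, privateKeyPem) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKeyPem);
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify with the public key. Returns the claims, or null on any failure.
function verifyJwt(token, publicKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { return null; }
  // Pin the algorithm; the token's own header must not choose it.
  if (!header || !claims || header.alg !== 'RS256') return null;
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    publicKeyPem, Buffer.from(sig, 'base64url'));
  if (!ok) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Constructed key pair and claims, with a fixed clock so results are repeatable.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const now = 1700000000;
  const token = signJwt({ sub: 'user-123', exp: now + 300 }, privateKey);
  const [head, , sig] = token.split('.');
  const otherBody = b64url(JSON.stringify({ sub: 'admin', exp: now + 300 }));
  const noneHead = b64url(JSON.stringify({ alg: 'none', typ: 'JWT' }));
  return {
    valid: verifyJwt(token, publicKey, now),
    tampered: verifyJwt(`${head}.${otherBody}.${sig}`, publicKey, now),
    unsigned: verifyJwt(`${noneHead}.${otherBody}.`, publicKey, now),
    expired: verifyJwt(token, publicKey, now + 301),
  };
}
```

Calling `demo()` returns the claims for the untouched token and `null` for the modified, unsigned and expired variants.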
App Custom Fields
The user can define custom fields (multiple fields can be defined). These are used for defining app-level metadata for a business, for example branch codes.
17. Click the "Save" button. A message window pops up with "Apps Saved Successfully".
18. Once all the mandatory fields are filled, the user gets the Client ID and Client Secret, as in the screen below.
19. To reveal the client secret id, click on the view icon.
20. To reset the client secret id, click on the reset icon, which provides a different client secret id.
21. The created app is displayed in “Your Apps”.
22. The Cancel button redirects to the app types screen.