
Ometa Framework Provider Configuration

Once a provider has been configured on its owning platform, it can be used within the Ometa Framework. To enable a provider, start up the WpfGUI application, open the application menu and click on providers.

Provider Menu


For each provider, you'll need to configure some parameters if you want to use them in the Ometa Framework. To obtain those parameters, please read the platform configuration article of the provider you wish to enable.

Note

The Windows provider is an exception because a local AD does not support OAuth2.0. If you want to use the Windows provider, the only thing you need to do is enable it here and enable Windows authentication on the Authority Service. Read the Windows (AD) article for more information on how to do this.

The client id is assigned to your app when you configure it on its platform.

Microsoft

If you enable the Microsoft provider, you can configure some additional settings.

The Microsoft provider can include the AD groups assigned in Microsoft Entra as claims during login to the Ometa framework. This feature is enabled by default. If this is not the desired behaviour, or if it causes issues (due to lacking access rights or too many AD groups assigned), there are 2 options to change the AD group retrieval: either fully disable the automatic loading, or retrieve only a limited set of AD groups for inclusion as claims:

  1. Disable the automatic loading by unchecking the option Include AD groups as claims.

    Include AD Groups as Claims

  2. Filter AD groups to a limited set. In the example only Security AD groups will be added. Multiple selections are possible.

    Include AD Groups as Claims

Important

If the Include AD groups as claims feature is enabled but no filter is selected, the Microsoft provider will always fall back to loading all AD groups with the property SecurityEnabled set to True, as that was the behaviour in previous framework versions.

Please note that different types of AD groups can have the property SecurityEnabled set to True, not only Security groups. For more information, consult the article Group types in Microsoft Entra ID and Microsoft Graph.
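The following is an added example, not Ometa code: it classifies groups by the Microsoft Graph properties `groupTypes`, `mailEnabled` and `securityEnabled`, and lists which groups the SecurityEnabled fallback would add as claims compared with a Security-only filter. The group records are constructed sample data, and the assumption is that the Security filter option corresponds to the Graph "Security" group type.

```python
import json

# Constructed sample data shaped like Microsoft Graph group objects.
SAMPLE_GROUPS = json.loads("""[
  {"displayName": "Finance-Approvers", "groupTypes": [], "mailEnabled": false, "securityEnabled": true},
  {"displayName": "Ops-Alerts", "groupTypes": [], "mailEnabled": true, "securityEnabled": true},
  {"displayName": "Project-Falcon", "groupTypes": ["Unified"], "mailEnabled": true, "securityEnabled": true},
  {"displayName": "Lunch-Club", "groupTypes": ["Unified"], "mailEnabled": true, "securityEnabled": false},
  {"displayName": "All-Staff-News", "groupTypes": [], "mailEnabled": true, "securityEnabled": false}
]""")

def group_type(g):
    """Classify a group the way the Microsoft Graph group-type table does."""
    if "Unified" in g.get("groupTypes", []):
        return "Microsoft 365"
    mail, sec = g.get("mailEnabled", False), g.get("securityEnabled", False)
    if sec and not mail:
        return "Security"
    if sec and mail:
        return "Mail-enabled security"
    return "Distribution" if mail else "Unknown"

def fallback_claims(groups):
    # Behaviour described on this page when no filter is selected.
    return [g["displayName"] for g in groups if g.get("securityEnabled")]

def filtered_claims(groups, selected_types):
    # Assumption: a filter option matches the Graph group type of the same name.
    return [g["displayName"] for g in groups if group_type(g) in selected_types]

def extra_in_fallback(groups, selected_types):
    """Groups the fallback adds as claims that the chosen filter would leave out."""
    chosen = set(filtered_claims(groups, selected_types))
    return {g["displayName"]: group_type(g) for g in groups
            if g.get("securityEnabled") and g["displayName"] not in chosen}

if __name__ == "__main__":
    print("Fallback claims:     ", fallback_claims(SAMPLE_GROUPS))
    print("Security-only claims:", filtered_claims(SAMPLE_GROUPS, {"Security"}))
    print("Only via fallback:   ", extra_in_fallback(SAMPLE_GROUPS, {"Security"}))
```

Running the same comparison over an export of your tenant's groups shows whether authorization rules keyed on group claims would see more groups than intended when no filter is selected.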

End-user experience

Only enabled providers with filled-in client id and secret will be shown on the providers screen of the user.

Providers

Note

If only one provider is enabled, the user will never see the screen and will immediately be redirected to the enabled provider.

Important

If you make changes to the client id or secret of one or more providers, you must restart the Authority Service for these changes to take effect. Enabling or disabling a provider is possible without restarting the Authority Service.