Authenticating application in Arnica UnifiedLogon

February 18, 2022 by Igor Lozhkin
Arnica UnifiedLogon integrates multiple applications. Each application may include its own set of resources, roles, configuration keys, user session properties, access rules, data sources and other entities.   

When a user accesses a resource of a specific application, the action is allowed only after a two-stage verification:

  1. Authentication - to identify who the user is and whether the user session may be used with this specific application 
  2. Authorization - to check whether the authenticated user has access to a specific resource of the application

When a user session is created, each login request is processed in the context of a specific application, called the authenticating application.

[Screenshot: authenticating_application.png]

Every resource identifies itself as belonging to a specific application for authentication purposes. In the screenshot above, for example, a report authenticates against the CRM application.

Authentication against an application requires that the user has been granted access to that application, either directly or through user groups or application roles that the user is a member of and that are themselves configured to access the application.

Upon successful authentication against a specific application, UnifiedLogon creates both a global user session, which may be used to access other applications, and an application-specific user session, which handles session timeout independently from other applications. Each application may have a different session timeout: more sensitive applications may be configured with shorter user session timeouts, while general-purpose applications could have a longer session timeout.

A user may create a session in the context of one application and use the same session to start activity in another application, provided that the user has access to that other application.
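
A minimal Python model of the authentication stage and session behaviour described above, added here as an illustration; it is not Arnica's code or API. All names, grants and timeout values are constructed, and it assumes that timeouts are idle timeouts and that an expired application session stays expired until a new login.

```python
from dataclasses import dataclass, field

# Constructed sample data; every name here is hypothetical, not UnifiedLogon's.
APP_TIMEOUT = {"CRM": 300, "Wiki": 3600}          # assumed idle timeout, seconds
APP_GRANTS = {                                    # who is configured to access each app
    "CRM": {"users": {"alice"}, "groups": {"sales"}, "roles": set()},
    "Wiki": {"users": set(), "groups": set(), "roles": {"wiki-reader"}},
}
MEMBERSHIP = {
    "alice": {"groups": set(), "roles": {"wiki-reader"}},
    "bob": {"groups": {"sales"}, "roles": set()},
}

def has_app_access(user, app):
    """Access is granted directly, or via a user group or application role."""
    grant, member = APP_GRANTS[app], MEMBERSHIP[user]
    return (user in grant["users"]
            or bool(grant["groups"] & member["groups"])
            or bool(grant["roles"] & member["roles"]))

@dataclass
class GlobalSession:
    user: str
    last_seen: dict = field(default_factory=dict)  # app -> time of last activity

def login(user, app, now):
    """A login is processed in the context of one authenticating application."""
    if not has_app_access(user, app):
        raise PermissionError(f"{user} has no access to {app}")
    return GlobalSession(user, {app: now})

def use(session, app, now):
    """Authentication stage for a resource whose authenticating application is `app`."""
    if not has_app_access(session.user, app):
        return "denied"                  # global session exists, but not for this app
    last = session.last_seen.get(app)
    if last is not None and now - last > APP_TIMEOUT[app]:
        return "expired"                 # only this application's session timed out
    session.last_seen[app] = now         # start or refresh the application session
    return "ok"
```

With this data, a session created against CRM can be used in Wiki, and the CRM session can time out while the Wiki session on the same global session is still valid.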