The Login process

The steps of the EMu login process when using the OIDC protocol are:

  1. Enter service details:

    When configured to use OIDC, the EMu application will present the standard login window but without a password field.

    The Host and Service information must be provided as usual. The User field is required to allow users that belong to multiple groups to select a group at login.

    Note: The user specified in the User field only functions as a hint to the external identity provider. This is because, when authenticating in the browser, the user can choose to sign in to an account that is different from the one specified in EMu. This situation is resolved once the user has signed into the identity provider and the EMu client has connected to the EMu server.

  2. Sign into external identity provider:

    After selecting the Login button, the user's browser will open to the identity provider's pre-configured authentication page (aka the authorization endpoint). The user must enter their credentials. If the user is signing in for the very first time, they will be prompted to allow the application to access their basic profile information such as their name or email address.

    The EMu application will wait for the user to complete authentication in the browser.

    Note: The EMu application will display an error and return the user to the initial login window if sign-in is not completed within 5 minutes.

  3. Confirmation:

    After the user has signed in, they will be redirected to an EMu-specific confirmation page.

  4. EMu application connects to server:

    The EMu application will resume control at this point and attempt to connect to the EMu server.

    Note: Successfully authenticating in the browser does not guarantee a successful connection to the EMu server. If the host or port number used is incorrect or if the user is not specified in the EMu Registry, for instance, there will be a problem connecting to the EMu server.

Once authenticated, the user should not be required to authenticate again when using EMu (at least until they sign out of the identity provider). A browser tab will still appear briefly or, depending on the identity provider and the user's default browser, the confirmation page may remain open.
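
The client-side checks implied by steps 1 to 4 are shown below as an added example; this is not EMu's code. It assumes the User field is sent as the standard OIDC `login_hint` parameter, that the `email` claim identifies the user, and that the ID token claims have already been signature-verified after the code exchange (not shown). All function names, the client ID and the endpoints are hypothetical.

```python
import base64, hashlib, secrets, time
from urllib.parse import urlencode, parse_qs

LOGIN_TIMEOUT = 5 * 60  # seconds; the page states sign-in must finish within 5 minutes

def begin_login(auth_endpoint, client_id, redirect_uri, user_hint):
    """Step 1-2: build the browser URL plus the values the client must remember."""
    verifier = secrets.token_urlsafe(48)  # PKCE verifier (RFC 7636)
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    pending = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16),
               "verifier": verifier, "started": time.monotonic(), "hint": user_hint}
    params = {"response_type": "code", "scope": "openid profile email",
              "client_id": client_id, "redirect_uri": redirect_uri,
              "state": pending["state"], "nonce": pending["nonce"],
              "code_challenge": challenge, "code_challenge_method": "S256",
              "login_hint": user_hint}  # a hint only: the user may pick another account
    return auth_endpoint + "?" + urlencode(params), pending

def accept_redirect(query, pending, now=None):
    """Step 3: validate the redirect from the IdP and return the authorization code."""
    now = time.monotonic() if now is None else now
    if now - pending["started"] > LOGIN_TIMEOUT:
        raise TimeoutError("sign-in not completed within 5 minutes")
    q = {k: v[0] for k, v in parse_qs(query).items()}
    # Constant-time comparison; a wrong state means the redirect is not ours.
    if not secrets.compare_digest(q.get("state", "").encode(), pending["state"].encode()):
        raise ValueError("state mismatch: redirect does not belong to this login")
    if "error" in q:
        raise PermissionError(q["error"])
    if "code" not in q:
        raise ValueError("redirect carries no authorization code")
    return q["code"]

def signed_in_user(claims, pending):
    """Step 4: identity comes from the verified ID token, never from the User field."""
    if claims.get("nonce") != pending["nonce"]:
        raise ValueError("nonce mismatch: token was not issued for this login")
    user = claims["email"]  # assumed identifying claim
    differs_from_hint = user.lower() != pending["hint"].lower()
    return user, differs_from_hint
```

The second return value of `signed_in_user` flags the case the note in step 1 describes, where the account chosen in the browser is not the one typed into the User field.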