Using OIDC or OAuth as the Authentication Source for Digital Hive

Question

Can Digital Hive leverage OIDC (OpenID Connect) or OAuth as the authentication source for Digital Hive?

Answer

Digital Hive can be configured to use OIDC and/or OAuth authentication, but some default configuration parameters will have to be modified.
It is highly recommended that OIDC and OAuth integration be configured BEFORE a user has logged into the Digital Hive application. If a user logged into Digital Hive before OIDC/OAuth was configured, please contact the Customer Success team at support@digitalhive.com.

Note: After completing these steps, the first user to log into Digital Hive will be the Super User, so please make sure that the first user to access Digital Hive is the intended Super User.

Specify OIDC authentication type and server

  1. Using the Windows File Explorer, navigate to the <install directory>\DigitalHive\app\node1\tomcat\conf directory
  2. Open the theia.properties file in a text editor
  3. Locate these entries within the file, usually at the bottom of the file (these are the settings for OKTA, Google, and Azure providers)

  4. Change the spring.security.oidc.client.registration.provider value to either okta, google, or azure. In this example, OKTA will be used as the security provider
  5. Set the value for spring.security.oidc.client.registration.mergeByEmail to OFF

  6. Change the values of the okta strings to match your authentication provider

  7. Save the changes to the file

Configuration settings for Microsoft Azure would look similar to:




Configuration settings for Google would look similar to:




Configure multiple authentication providers

It is possible to configure multiple OIDC/OAuth security providers for Digital Hive authentication. Each provider's section must be completed in the theia.properties file (as per the guidance above), and the registration provider string must list the chosen providers separated by a semicolon (;).



When multiple providers are configured, users will be forced to select a provider first when they log in to Digital Hive.
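A pre-start check for the two settings named in the steps above, including the semicolon-separated multi-provider form (an added example, not Digital Hive's own tooling). It assumes the only valid provider values are okta, google and azure and that OFF is matched exactly as this article writes it; the parser is a simplified .properties reader and the sample contents are constructed.

```python
import re

# Setting names and provider values are the ones this article gives.
PROVIDER_KEY = "spring.security.oidc.client.registration.provider"
MERGE_KEY = "spring.security.oidc.client.registration.mergeByEmail"
ALLOWED_PROVIDERS = {"okta", "google", "azure"}

# Constructed sample contents, not taken from a real installation.
GOOD = """\
# OIDC settings
spring.security.oidc.client.registration.provider=okta;azure
spring.security.oidc.client.registration.mergeByEmail = OFF
"""
BAD = """\
spring.security.oidc.client.registration.provider=okta,azure
"""

def parse_properties(text):
    """Read key=value or key:value lines; a later duplicate key wins.
    Simplified: no line continuations or escape sequences."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_oidc_settings(text):
    """Return a list of problems; an empty list means both checks pass."""
    props = parse_properties(text)
    problems = []
    providers = [p.strip() for p in props.get(PROVIDER_KEY, "").split(";")]
    if providers == [""]:
        problems.append(f"{PROVIDER_KEY} is missing or empty")
    else:
        for p in providers:
            # A wrong separator (comma, space) shows up here as one unknown name.
            if p not in ALLOWED_PROVIDERS:
                problems.append(f"unknown provider {p!r}")
    if props.get(MERGE_KEY) != "OFF":
        problems.append(f"{MERGE_KEY} must be OFF, found {props.get(MERGE_KEY)!r}")
    return problems

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_oidc_settings(text) or "ok")
```

Run the check against the contents of theia.properties before starting the service, since the first user to log in afterwards becomes the Super User.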

Configure Digital Hive to use OIDC / OAuth

  1. From within the Services panel, stop the DigitalHive-node1 service
  2. Using the Windows File Explorer, navigate to the <install directory>\DigitalHive\app\node1\tomcat\bin directory
  3. Right click on the tomcat10w.exe file (tomcat9w.exe if using an older version of Digital Hive)
  4. Select Create shortcut
  5. Drag the newly created tomcat10w.exe - Shortcut to the desktop
  6. Right click on the tomcat10w.exe - Shortcut
  7. Select Properties
  8. On the Shortcut tab, append //ES//DigitalHive-node1 to the Target, making sure that there is a space between the existing value and the appended string
  9. Click OK
  10. Double click the Desktop tomcat10w.exe - Shortcut
  11. Click Yes
  12. Select the Java tab
  13. In the Java Options: section, add -Dspring.profiles.active=oidc_auth to the list of strings (you can also take this opportunity to increase the amount of memory that Digital Hive can use by changing the two memory settings at the bottom of the dialog)
  14. Click OK
  15. From within the Services panel, start the DigitalHive-node1 service

Digital Hive is now configured to use OIDC and/or OAuth providers for authentication.
