Hello,
I have a perspective project with Igniton 8.1.43. For user authentication we are using an AD/Internal Hybrid (user_AD) user source and a internal user source as AD failover (user_internal). In addition, we synchronise user_internal from user_AD sources by scripting.
The perspective project is setup with an automatically generated identity provider user_AD and the user source user_AD.
Now we want to move to an OpenId Identity provider, but we expect to maintain the roles defined in user sources.
We have some doubt about the use of OpenID identity provider:
- Is it feasible match OpenID users with an internal usersource automatically or using scripting. Some views and actions in perspective are checking user roles.
- What happens if the identity provider fails? How can we use the internal user source as failover?
- Actually, we have set some users (administrators or API users) only on internal user source because these are internal users and not are include on Active Directory. If we move to OpenID IdP, can this user login to perspective project?
Many thanks in advance