Skip to main content

Secure the Application

 

OutSystems

Integrated Authentication

OutSystems natively supports Integrated Windows Authentication so you can use a centralized management of the end-users and have automatic authentication in your applications. Integrated authentication allows the end-users to access applications using their domain credentials.

When the end-user tries to access a web screen that requires authentication, the application server returns an HTTP 401 status, signaling that the end-user is trying to access a resource that requires authentication. The browser then sends the credentials the end-user used to authenticate in the Windows operating system, or if unable to do so, prompts the end-user to provide the credentials. From then on, the browser automatically sends the credentials when they are required, without the end-user having to insert the domain credentials again.

Elements that Support Integrated Authentication

You can enable integrated authentication for all applications or for specific elements inside an application. Enable Integrated Authentication for specific elements by setting their Integrated Authentication property to Yes.

The elements that support Integrated Authentication are the following.

Web Screens
The end-users accessing it will have to be authenticated by Integrated Authentication.
Web Flows
All screens that don't have set the Integrated Authentication property inherit its value form the web flow.
Exposed and Consumed SOAP Web Services
For exposed Web Services, the OutSystems application always asks the web service client for its credentials while processing the request. Note that, depending on the client that invokes the SOAP Web Service, it may not be possible to send the credentials and to consume its services.
For consumed Web Services, OutSystems sends its credentials to the Web Service server. Note that delegation is not supported if your system is configured to use NTLM when you invoke a Web Service inside a web screen.

Tip: If you need to support Integration Windows Authentication in an exposed REST API you can do it by implementing your own custom logic.

Integrated Authentication Built-in Actions

OutSystems has built-in actions and functions that use Integrated Windows Authentication.

Remarks

Integrated Authentication is available only in .NET environments. If your Application Server module property is set to "J2EE" or "(Both)", a warning message is shown, signaling that this property will be disregarded at runtime.

Also, to use integrated authentication, both the client and front-end server must be in the same domain and must have an Active Directory that stores information about the end-users and their credentials.

  • Was this article helpful?