OAuth2Models.ini is a file is distributed with the Thinfinity VirtualUI installation that has all the information of the default available logins:

[Google]

ClientID =

ClientSecret =

AuthorizationParameters = scope=https://www.googleapis.com/auth/userinfo.email&approval_prompt=auto

AuthorizationURL = https://accounts.google.com/o/oauth2/auth

TokenValidationURL = https://accounts.google.com/o/oauth2/token

ProfileValidationURL = https://www.googleapis.com/oauth2/v1/userinfo

UsernameField = email

[Facebook]

ClientID =

ClientSecret =

AuthorizationParameters = scope=email

AuthorizationURL = https://www.facebook.com/dialog/oauth

TokenValidationURL = https://graph.facebook.com/oauth/access_token

ProfileValidationURL = https://graph.facebook.com/me?

UsernameField = email

[LinkedIn]

ClientID =

ClientSecret =

AuthorizationURL = https://www.linkedin.com/uas/oauth2/authorization

AuthorizationParameters = state=HIJK98sDT88jnS23S&scope=r_emailaddress

TokenValidationURL = https://www.linkedin.com/uas/oauth2/accessToken

ProfileValidationURL = https://api.linkedin.com/v1/people/~:(emailAddress)?format=json

UsernameField = emailAddress

[Dropbox]

ClientID =

ClientSecret =

AuthorizationURL = https://www.dropbox.com/1/oauth2/authorize

AuthorizationParameters =

TokenValidationURL = https://api.dropboxapi.com/1/oauth2/token

ProfileValidationURL = https://api.dropboxapi.com/1/account/info

UsernameField = email

Use this file as a template and edit it in order to add new authentication methods or ask your authentication provider for different data.

Read more:

· OAuth 2.0

****

RADIUS as an authentication method means that the user will have to enter their RADIUS credentials in order to gain access to a set of applications defined in Thinfinity VirtualUI.

RADIUS can be added in the 'Authentication' tab of the Thinfinity VirtualUI Server Manager. Toggle its availability as an authentication method by checking or unchecking it.

When you add RADIUS as an authentication method you will be required to provide the RADIUS account relevant information.

The user definition is completed through the mapping between the user ID returned by RADIUS and a user registered for this Authentication ID Mask. The RADIUS credentials are mapped to Active Directory Objects in the 'Mappings' tab. Those Active Directory objects should satisfy the permission access rules of the applications that they are expected to get access to.

Read more:

· Windows Logon

· OAuth 2.0

· External DLL

OAuth 2.0 is a standard authentication method used mostly in social web sites. The user will have to enter their OAuth 2.0 (Facebook, Dropbox, LinkedIn, Google or other) credentials in order to gain access to a set of applications defined in Thinfinity VirtualUI.

Read more:

****

Windows Logon means that the end-user will have to enter Windows Activate Directory credentials in order to gain access to a set of applications defined in Thinfinity VirtualUI.

The profiles matching the credentials provided in their the 'Permissions' tab will be the profiles shown to the authenticated user, along with those with the 'Allow Anonymous Access' option checked in their 'Permissions' tab

Windows Logon is enabled by default in the 'Authentication' tab of the Thinfinity VirtualUI Server Manager. Toggle its availability as an authentication method by checking or unchecking it.

Read more:

· RADIUS

· OAuth 2.0

· External DLL

Thinfinity VirtualUI allows you to integrate your own custom authentication method. In order to do this, use the Thinfinity VirtualUI Authentication API.

The External DLL authentication method can be added in the 'Authentication' tab of the Thinfinity VirtualUI Server Manager. Toggle its availability as an authentication method by checking or unchecking it.

When you add an External DLL authentication method you will be required to reference the .dll in the 'External DLL' option. Check the complete reference in the External DLL Authentication Method Settings.

The user definition is completed through the mapping between the user ID returned by the external DLL and an Active Directory Objects mapped for this Authentication ID Mask.

Read more:

· Authentication API

****

Thinfinity VirtualUI provides you with an API that you can use to develop your own authentication method and integrate it with VirtualUI.

Choose the code sample of your language of preference and add it to your implementation:

Delphi:

function ValidateUser(

const UserName, Password, Metadata: PWideChar;

SecurityRole, WinUser, WinPass, CustomData: PWideChar;

var Handled: Boolean): Cardinal; stdcall;

Input:

Output:

C++:

THINFINITY_API DWORD __stdcall ValidateUser(LPWSTR lpUserName, LPWSTR lpPassword, LPWSTR lpMetadata, LPWSTR lpSecurityRole, LPWSTR lpWinUser, LPWSTR lpWinPass, LPWSTR lpCustomData,

PBOOLEAN pHandled)

Input:

Output:

C#:

[DllExport("ValidateUser", CallingConvention = CallingConvention.StdCall)] [return: MarshalAs(UnmanagedType.I4)] public static Int32 ValidateUser( [In, MarshalAs(UnmanagedType.LPWStr)] string lpUserName, [In, MarshalAs(UnmanagedType.LPWStr)] string lpPassword, [In, MarshalAs(UnmanagedType.LPWStr)] string lpMetadata,

[In, Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpSecurityRole, [In, Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpWinUser, [In, Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpWinPass, [In, Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpCustomData, [Out] bool pHandled);

Input:

Output:

Read more:

· External DLL

Thinfinity VirtualUI allows you to use the following authentication methods.

Windows Logon

This option enables Active Directory credentials. This method is enabled by default.

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol and software that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who remotely connect to a network service, in this case the Thinfinity VirtualUI Server.

OAuth 2.0

OAuth 2.0 (or OAuth/2) is an open standard for authorization and authentication, commonly used as a way for Internet users to log into third party websites using their social network (Facebook, Google, LinkedIn, etc.) account without exposing their password.

External DLL

A custom authentication method implemented by you or a third party with our authentication API and referenced in the Thinfinity VirtualUI server.

Anonymous Authentication

Read more:

In the login.css file, included in the 'web\css' folder of the Thinfinity VirtualUI installation, you will find the style for the login buttons.

#google { background-color:#4285F4; }

#google .imgbtn { background-image: url(../images/sso/google.png); }

#facebook { background-color:#2f4e9e; }

#facebook .imgbtn { background-image: url(../images/sso/facebook.png); }

#yahoo { background-color:#6839af; }

#yahoo .imgbtn { background-image: url(../images/sso/yahoo.png); background-size: 30px; }

#linkedin { background-color:#00A0DC; }

#linkedin .imgbtn { background-image: url(../images/sso/linkedin.png); }

#dropbox { background-color:#007ee6; }

#dropbox .imgbtn { background-image: url(../images/sso/dropbox.png); background-size: 30px; }

You can change the logo and/or background color of the login buttons for the Oauth 2.0 authentication methods.

Each pair of entries corresponds to one authentication method. The ID (#google, #facebook) must match the Virtual Path established in the Oauth 2.0 Authentication Method Settings. With the installation, these parameters are matching by default, but make sure to change it in both places if you do.

The first line of each pair defines the button color, and the second one the button image.