Manage Authentication Endpoints
Hub stores a collection of redirect URIs that are used for authentication. As an administrator, you can manage this list to ensure that login requests are redirected to valid endpoints that authorize access to the service.
Redirect URI Validation
When a user accesses a connected service, the request is redirected to Hub for authorization. The connected service must receive validation that the access endpoint matches one of the redirect URIs that are registered in Hub. If the redirect URI is valid, the user is granted access to the service (if the session timeout has not expired) or redirected to the service login page.
Hub uses the following combinations to validate the redirect URI:
Absolute home URL + a registered relative redirect URI
Any absolute URL from the list of base URLs + a registered relative redirect URI
A registered absolute redirect URI
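The three combinations above can be expanded into an explicit allowlist and compared by exact match. The following Python sketch is an added example, not Hub's own implementation. The function names, the normalization rules (case-insensitive host, default ports, rejection of userinfo and fragments) and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def canonical(url):
    """Return (scheme, host, port, path, query), or None if the URL is unacceptable."""
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme              # urlsplit already lower-cases the scheme
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.fragment:
        return None                    # assumption: userinfo and fragments are never valid here
    return (scheme, parts.hostname, port or DEFAULT_PORTS[scheme],
            parts.path or "/", parts.query)

def trusted_endpoints(home_url, base_urls, registered_uris):
    """Expand the three combinations into one set of canonical endpoints."""
    trusted = set()
    for uri in registered_uris:
        if urlsplit(uri).scheme:       # a registered absolute redirect URI stands alone
            candidates = [uri]
        else:                          # relative: joined to the home URL and to every base URL
            candidates = [base.rstrip("/") + "/" + uri.lstrip("/")
                          for base in [home_url, *base_urls]]
        trusted.update(c for c in map(canonical, candidates) if c)
    return trusted

def is_trusted(redirect_uri, trusted):
    """Exact match on the canonical form; no prefix or substring matching."""
    return canonical(redirect_uri) in trusted

# Constructed sample configuration (not taken from a real Hub installation).
HOME_URL = "https://tracker.example.com/"
BASE_URLS = ["https://tracker.internal.example:8443/issues"]
REGISTERED = ["/oauth", "https://staging.example.net/app/oauth"]
TRUSTED = trusted_endpoints(HOME_URL, BASE_URLS, REGISTERED)
```

Because the comparison is an exact match on the parsed components, a host that merely starts with a trusted name, a URL carrying userinfo before the host, or a path that extends a trusted path is treated as untrusted.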
Untrusted Redirect URIs
When a user is authenticated against an endpoint that is not registered as a trusted redirect URI in Hub, an error is displayed. This error informs the user that the address used to access the service is not registered as a trusted access address.
The authentication endpoint is automatically saved to a list of Untrusted redirect URIs on the Settings tab of the service page. If you recognize this address as a valid authentication endpoint for the service, you can add it to the list of registered redirect URIs.
This feature helps administrators manage access to services that are under development, where new pages and access points are added on a regular basis. Rather than having to copy new endpoints manually, administrators can review the list of untrusted redirect URIs and choose which URIs they want to trust.
The following options are available:
| Option | Description |
|---|---|
| Accept access | Adds the endpoint to the list of registered redirect URIs. The address is used to authenticate access for the service. |
| Ignore | Removes the endpoint from the list of untrusted redirect URIs. The address is not allowed to be used to authenticate access for the service. |