Hub 2024.3 Help

Manage Authentication Endpoints

Hub stores a collection of redirect URIs that are used for authentication. As an administrator, you can manage this list to ensure that login requests are redirected to valid endpoints that authorize access to the service.

Redirect URI Validation

When a user accesses a connected service, the request is redirected to Hub for authorization. The connected service must receive validation that the access endpoint matches one of the redirect URIs that are registered in Hub. If the redirect URI is valid, the user is granted access to the service (if the session timeout has not expired) or redirected to the service login page.

Hub uses the following combinations to validate the redirect URI:

  • Absolute home URL + a registered relative redirect URI

  • Any absolute URL from the list of base URLs + a registered relative redirect URI

  • A registered absolute redirect URI

Untrusted Redirect URIs

When a user is authenticated against an endpoint that is not registered as a trusted redirect URI in Hub, an error is displayed. This error informs the user that the address used to access the service is not registered as a trusted access address.

OAuth 2 error for untrusted redirect URIs.

The authentication endpoint is automatically saved to a list of Untrusted redirect URIs on the Settings tab of the service page. If you recognize this address as a valid authentication endpoint for the service, you can add it to the list of registered redirect URIs.

This feature helps administrators manage access to services that are under development, where new pages and access points are added on a regular basis. Rather than having to copy new endpoints manually, administrators can review the list of untrusted redirect URIs and choose which URIs they want to trust.

The following options are available:

Option

Description

Accept access

Adds the endpoint to the list of registered redirect URIs. The address is used to authenticate access for the service.

Ignore

Removes the endpoint from the list of untrusted redirect URIs. The address is not allowed to be used to authenticate access for the service.

Last modified: 09 November 2023