Telicent Authorization Server
Telicent Authorization Server is built with Spring Authorization Server and provides enhanced security for Telicent applications. It achieves this through integrating with Telicent applications, providing security at the API level, which in turn allows integration of third-party applications and access to authenticated users from third party APIs.
Authorization Server provides secure authentication via configurable external Identity Providers, such as Keycloak or Cognito. Once a user has been authenticated via the IdP, an internal representation of the user is created, which then allows fine-grained authorization control over that user. This includes control over user roles, permissions and group membership. These user attributes are assessed at the API level within Telicent applications to ensure that the user has the correct authorisation for the requested action.
The pages in this section describe the set-up of the Authorization Server (including its installation / migration, configuration, and data population), the API for managing Client applications of the Authorization Server (Client API) and the API for managing the data held by the Authorization Server (Admin API).
There is also a reference page outlining the various Roles and Permissions used and managed by the Authorization Server.
Important note on logout behaviour
When a user logs out, the Authorization Server clears its own session only. It does not automatically terminate the user session held by the external Identity Provider (IdP).
If the IdP still has an active session, the user may be logged in again automatically on the next authentication flow. If you require full sign-out, implement IdP-specific logout as part of your client application’s logout flow.