Authentication

HCL People Service supports the following authentication strategies:

  • HCL Digital Experience (DX) Authentication
  • OpenID Connect (OIDC)

HCL DX Authentication

Whenever a user logs into DX, the authentication process creates Lightweight Third-Party Authentication (LTPA) cookies. People Service consumes these cookies to validate the user's identity and session using the Ring API, eliminating the need for the user to re-authenticate when accessing their own or another user's profile page. To achieve this, both DX and People Service should be configured against the same user registry.

For more information on DX authentication, refer to Authentication.

OpenID Connect

People Service supports OpenID Connect (OIDC), an identity layer built on top of the OAuth 2.0 protocol. Using OIDC, clients can verify the identity of the end-user based on the authentication performed by an authorization server. Clients can also obtain basic profile information about the end-user in an interoperable and REST-like manner.

OIDC also provides a standardized way to authenticate users and obtain user information. This ensures seamless user experiences across different applications and services, as well as secure and reliable authentication mechanisms.

To set up People Service with OIDC for authentication, refer to Configuring OIDC for authentication. Additionally, ensure that DX is configured with the same OIDC provider.

Authorization

Authorization is relayed to and consumed through DX. People Service uses the Ring API to retrieve a user's roles and permissions. These roles are then mapped against People Service's own authorization model to determine which actions a user can perform.

People Service differentiates between anonymous users, authenticated users, and administrators. Authenticated users can view and interact with other user profiles and manage their own profile. Administrators have additional permissions to manage all user profiles and system settings, and to configure the service.
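
The role-to-tier mapping described above can be sketched as a deny-by-default check. This is an added example, not HCL's code: the role name, the action names and the session dictionary shape are assumptions, and the Ring API call that would supply the roles is not shown.

```python
from enum import Enum

class Tier(Enum):
    ANONYMOUS = "anonymous"
    AUTHENTICATED = "authenticated"
    ADMINISTRATOR = "administrator"

# Assumption: placeholder role name; the page does not list the roles DX returns.
ADMIN_ROLES = frozenset({"example-admin"})

# Action names are illustrative labels for the capabilities the page describes.
USER_ACTIONS = frozenset({"view_profile", "interact_with_profile", "manage_own_profile"})
ADMIN_ACTIONS = USER_ACTIONS | {"manage_any_profile", "manage_settings", "configure_service"}
TIER_ACTIONS = {
    Tier.ANONYMOUS: frozenset(),  # assumption: the page grants anonymous users nothing explicit
    Tier.AUTHENTICATED: USER_ACTIONS,
    Tier.ADMINISTRATOR: ADMIN_ACTIONS,
}

def resolve_tier(session):
    """Map an upstream session to a tier. `session` is None when validation failed,
    otherwise a dict with 'user_id' and 'roles' (assumed shape)."""
    if not isinstance(session, dict) or not session.get("user_id"):
        return Tier.ANONYMOUS
    roles = session.get("roles")
    # A malformed roles value (e.g. a bare string) must never match an admin role.
    if not isinstance(roles, (list, tuple, set, frozenset)):
        roles = ()
    names = {r for r in roles if isinstance(r, str)}
    return Tier.ADMINISTRATOR if names & ADMIN_ROLES else Tier.AUTHENTICATED

def is_allowed(session, action, target_user_id=None):
    """Deny by default: only actions listed for the resolved tier pass."""
    allowed = TIER_ACTIONS[resolve_tier(session)]
    if action == "manage_profile":
        # Editing a profile is an own-profile or any-profile action depending on the target.
        own = isinstance(session, dict) and target_user_id == session.get("user_id")
        action = "manage_own_profile" if own else "manage_any_profile"
    return action in allowed
```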