Ability to replace Identity Service references in a Fabric application

Overview

Identity Services help to secure your Fabric apps by adding an authentication layer.

For example:

  • APIs may require you to pass the token returned by its authentication backend in the API calls. To achieve this, you can configure integration service operations to call the various back-end APIs, and you will need to configure the Identity Service for Backend Token in the integration service configuration page.

  • Identity Services can be configured to filter response data based on Identity Service profile attributes and security attributes. Identity filters are an enhanced data filtering mechanism that you can use to filter data based on dynamic fields returned from an identity provider.

Fabric apps can be implemented using several services which are authenticated by Identity Services. The configuration of each Identity Service varies based on the implementation and the business requirements. There can exist scenarios where the referred Identity Service needs to be replaced to a newer Identity. In such cases, you can access the app in Fabric Console to make relevant changes.

From V9 SP3, MFCLI is enhanced with the replace-identity-service-references command. This command can replace existing Identity Service references in the Fabric app with another Identity Service. This command replaces the Identity Service references for Backend Token and Enhanced Identity filters.

NOTE: For more information on Identity Services, refer to Fabric Identity Services
For more information on Identity Filters, refer to Enhanced Identity Filters.

Identity References in Fabric Services

The following section details on the references to Identity Services configurations for back-end services and operations in a Fabric app.

  • Identity Service for Backend Token

  • Authentication for the Existing Identity Provider

  • Enhanced Identity Filters

Prerequisites

  • Fabric Command Line Utility v9.3.0.0

The replace-identity-service-references command uses the App zip as input and replaces the existing Identity Service references with the new Identity Service. When you run this command, a new version with replaced Identity Service references in the App.zip is created in your local system.


java -jar mfcli.jar replace-identity-service-references --input-package-path <file path> --existing-identity-service-name <existing identity service name> --new-identity-service-name <new identity service name> --service-list <service names> --output-directory <directory path> --output-package-name <mypackage.zip> --override-existing

  • * --existing-identity-service-name - Existing identity service name

  • * --input-package-path - Path of the app package file. For e.g. C:\\tmp\\Sample.zip.

  • * --new-identity-service-name - New identity service name

  • * --output-directory - Path of the directory to dump the output app package. For e.g. C:\\tmp\\.

  • * --output-package-name - This will be used to name the final zip file.

  • --override-existing - If provided, output file with the specified filename will be over-written if it already exists. Else, it will show error, if the file exists. Default: false

  • --service-list - Comma separated integration service names in which the identity references should be modified.

The following sample output shows that the Identity Services reference replacement is successful.