Enterprise Authentication and the Front-End

The Kinetic Platform supports enterprise authentication methods such as SSO (e.g., SAML, LDAP), but it’s important to note that authentication is not configured in the front-end. Instead, these settings must be defined at the platform level, typically by a system administrator with access to environment configuration or Helm chart customization.

This page explains what front-end developers can do to support authentication workflows once the platform has been correctly configured by your infrastructure or DevOps team.

What the Front-End Can (and Can’t) Do

What You Can Do:

• Use the KineticLib wrapper to detect whether a user is authenticated
• Render a login screen when needed
• Use onSso to trigger SSO redirection after the backend strategy is already in place
• Handle post-login redirection or show relevant content once the user is authenticated

What You Cannot Do:

• Define or enable SSO strategies (e.g., LDAP, SAML, X.509)
• Configure identity providers or trusted metadata URLs
• Create or manage OAuth clients (these are configured in the Platform Console or backend)

⚠️

Pre-requisite: Before implementing front-end authentication, make sure your platform admin has configured:

• Trusted Domains and Frame Origins
• OAuth Clients in the Space Console

Using onSso to Trigger SSO Redirects

The onSso prop is available when an SSO strategy (like SAML or LDAP) has already been configured for your space. It provides a function you can call to trigger the SSO login process, usually as part of a custom login screen.

💡

onSso will only be defined if SSO is enabled for the current Space and your bundle is hosted from a trusted domain.

Tips for Handling Auth Behavior in the UI

• Display loading, login, or unauthorized states based on the initialized and loggedIn values from KineticLib
• Provide user-friendly messaging if the user is not logged in or if onSso is undefined
• Avoid hardcoding assumptions about available auth methods, always check your configuration

Troubleshooting

• Blank screen after login? Double-check that the redirectUri is properly whitelisted in your OAuth client configuration and matches the route where your React app initializes.
• 401 or 403 errors? Ensure the authenticated user has access to the target Kapp, form, or space. Also verify that your API calls include the appropriate include values (e.g., ['values', 'details']) to return the expected data.

Where Authentication is Configured

SSO is set up at the platform level using files like security.properties and security.space-slug.properties. These configurations are handled during the installation or deployment of the Kinetic Platform, often through Kubernetes and Helm chart values.

For more information:

• How to Configure Authentication & Login Methods
• Trusted Domains and Security Configuration