I’m hoping the concept of a “realm” in OCC will help me solve a problem, but I can’t find much documentation on exactly what this does.
My scenario:
Multiple Servers, each with multiple Files.
All servers are configured to use a Custom oAuth implementation (which actually uses MS Entra as the Authentication)
All users logging in via Web Direct
The issue I have is this:
User A logs into File A on Server A using custom oAuth. All works fine. BUT if the user navigates to a layout which has a field on it which references a table occurrence from one of the other files on another server (defined as a standard FM External data source link) then the user is prompted to log in AGAIN. I believe this is because the token provided by the oAuth mechanism is specific to the server which requests it.
Will adding all the servers into an OCC ‘Realm’ remedy this?
A Realm is a set of OAuth groups and users. You can configure a FileMaker server to use an Ottomatic Realm for custom OAuth on a FileMaker Server. You can have many FileMaker servers associated with a Realm, but a FileMaker Server can only use one custom OAuth and therefore one Realm.
An Ottomatic Realm is analogous to the MS Entra domain you currently have, and so therefore will not solve your problem.
There is no way to solve your problem with custom OAuth. The OAuth login token you get back from the FileMaker server is good only for that server. If you pull open another file on another server you will be forced to log in again, because you need a token for that server.
If you used regular accounts that were the same in both files, that would work.
Also if you used the older style External Auth through Active Directory with both servers attached to the same Active Directory domain, that would work.