This page will show you how to set up delegated authentication with Kiuwan. 


Centralized authentication is also known as delegated authentication.

In this scenario, Kiuwan delegates your authentication to an external system.

The following image describes how it works: 



In this scenario:

  1. Log in to Kiuwan

    1. First, you must log in to Kiuwan, but not to You need to set up a specific URL within your domain. Something similar to or 

  2. Identify user

    1. That URL will be received by an authentication service application that will delegate your authentication to an external system, e.g. Active Directory, LDAP or a similar system.

  3. Redirect to with a token

    1. The corporate authentication system checks whether you already have a security context or need to identify yourself. If the authentication succeeds, the authentication service application generates a JWT authentication token that includes the username (encrypted using a secret key that you can generate on your Kiuwan account settings page).

    2. Once the auth token is ready, the system redirects to your browser

  4. Authenticated request

    1. The browser requests access to with an authenticated request that recognizes, granting access to the requested resource.

A sample authentication service application (kiuwan/kiuwan-local-authentication) is available to help you get started. This sample application uses Tomcat (tomcat-users.xml) as its authentication mechanism, but you can freely adapt it to any other external auth system.

You can find details on how to set it up here 

