Difference between revisions of "Oauth2 authentication"

From TempusServa wiki
Jump to navigation Jump to search
m (8 revisions imported)
(Added Wordpress)
Line 11: Line 11:
* Azure
* Azure
* ADFS
* ADFS
*WordPress (Via [https://wordpress.org/plugins/oauth2-provider plugin])


== Setting up SingleSignon ==
== Setting up SingleSignon ==
Line 51: Line 52:


Copy credentials to  
Copy credentials to  
* oauthGoogleClient
* oauthLinkedinClient
* oauthGoogleSecret
* oauthLinkedinSecret
Enable
 
* oauthLinkedinAllow


=== Facebook Oauth ===
=== Facebook Oauth ===
Line 58: Line 62:


Copy credentials to  
Copy credentials to  
* oauthGoogleClient
* oauthFacebookClient
* oauthGoogleSecret
* oauthFacebookSecret
Enable
 
* oauthFacebookAllow


=== Azure Oauth ===
=== Azure Oauth ===
Line 65: Line 72:


Copy credentials to  
Copy credentials to  
* oauthGoogleClient
* oauthAzureTenant
* oauthGoogleSecret
* oauthAzureClient
*oauthAzureSecret
Enable
 
* oauthAzureAllow


=== ADFS Oauth ===
=== ADFS Oauth ===
Line 72: Line 83:


Copy credentials to  
Copy credentials to  
* oauthGoogleClient
* oauthAdfsServer
* oauthGoogleSecret
* oauthAdfsClient
Enable
 
* oauthAdfsAllow
 
=== WordPress ===
 
# Install and activate the [https://wordpress.org/plugins/oauth2-provider plugin]
# Enable the Oauth-server (Oath Server -> Settings -> Enable Oauth Server)
# Create a new client (Oauth Server -> Clients -> Add New Client)
## Give it a descriptive name
## Add the Redirect URI (Should be something like: <code>https://[ts-hostname]/[ts-instance]/SignInWP</code>)
## Assign it admin rights
## Save it
# Copy credentials to Configurations
#* oauthWPClient
#* oauthWPSecret
# Input wordpress domain/link to Configuration (no trailing /)
#* oauthWPHost
# Enable Configuration
#* oauthWPAllow

Revision as of 13:50, 14 January 2022

Understanding Oauth 2

Oauth authentication will put icons on the login page for fast and easy SSO wth multiple vendors.

The user will be authenticated if the email matches between the provider and the Tempus Serva user.

The following providors are supported.

  • Google
  • LinkedIn
  • Facebook
  • Azure
  • ADFS
  • WordPress (Via plugin)

Setting up SingleSignon

Before going into the detailed configuration please make sure https/SSL is enabled.

Set the following configurations to true

  • securitySslLogin
  • securitySslPages

Next activate service icons on the login page

  • oauthLoginDisplay

Google Oauth

Using an existing Google account , go to the [credentials section].

Navigate to "Credentials" in the left menu.

First setup Oauth messages in the Oauth conscent section

  • Logo, privacy policies etc. are not required but make things look better
  • Note that domain authentication is not required

Next setup setup credentials

  1. Navigate back to credentials
  2. Click Create credentials
  3. Fill out the information
  4. Credentials are generated
  5. Copy credentials to your Tempus Serva configuration
    • oauthGoogleClient = [Client ID]
    • oauthGoogleSecret = [Client secret]
  6. Finally
    • oauthGoogleAllow = true


LinkedIn Oauth

Follow the guide

Copy credentials to

  • oauthLinkedinClient
  • oauthLinkedinSecret

Enable

  • oauthLinkedinAllow

Facebook Oauth

Follow the guide

Copy credentials to

  • oauthFacebookClient
  • oauthFacebookSecret

Enable

  • oauthFacebookAllow

Azure Oauth

Follow the guide

Copy credentials to

  • oauthAzureTenant
  • oauthAzureClient
  • oauthAzureSecret

Enable

  • oauthAzureAllow

ADFS Oauth

Follow the guide

Copy credentials to

  • oauthAdfsServer
  • oauthAdfsClient

Enable

  • oauthAdfsAllow

WordPress

  1. Install and activate the plugin
  2. Enable the Oauth-server (Oath Server -> Settings -> Enable Oauth Server)
  3. Create a new client (Oauth Server -> Clients -> Add New Client)
    1. Give it a descriptive name
    2. Add the Redirect URI (Should be something like: https://[ts-hostname]/[ts-instance]/SignInWP)
    3. Assign it admin rights
    4. Save it
  4. Copy credentials to Configurations
    • oauthWPClient
    • oauthWPSecret
  5. Input wordpress domain/link to Configuration (no trailing /)
    • oauthWPHost
  6. Enable Configuration
    • oauthWPAllow