Oauth2 authentication

From TempusServa wiki

Revision as of 12:50, 11 March 2019 by old>Admin (→‎Google Oauth)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Understanding Oauth 2

Oauth authentication will put icons on the login page for fast and easy SSO wth multiple vendors.

The user will be authenticated if the email matches between the provider and the Tempus Serva user.

The following providors are supported.

Goole
LinkedIn
Facebook
Azure
ADFS

Setting up SingleSignon

Before going into the detailed configuration please make sure https/SSL is enabled.

Set the following configurations to true

securitySslLogin
securitySslPages

Google Oauth

Using an existing Google account , go to the [credentials section].

Navigate to "Credentials" in the left menu.

First setup Oauth messages in the Oauth conscent section

Logo, privacy policies etc. are not required but make things look better
Note that domain authentication is not required

Next setup setup credentials

Navigate back to credentials
Click Create credentials
Fill out the information
- Authorized JavaScript origins: https://alpha.tempusserva.dk
- Authorized redirect URIs: https://alpha.tempusserva.dk/TempusServa/SignInGoogle
Credentials are generated
Copy credentials to your Tempus Serva configuration
- oauthGoogleClient = [Client ID]
- oauthGoogleSecret = [Client secret]
Finally
- oauthGoogleAllow = true

Retrieved from "https://wiki.tempusserva.dk/index.php?title=Oauth2_authentication&oldid=3566"