...
Example with Google OAuth
Before you begin
The Redirect URI (or callback URI) must be determined.
It will be in the form https://<FQDN>:<PORT>/service/auth/sso/google/callback, where FQDN and PORT are the name and port for the host where the UDMG Authentication Proxy and NGINX server are installed.
For example https://udmg.stonebranch.com:8080/service/auth/sso/google/callback.
Configuration on Google Cloud
- Create a new Project under your Google account: https://console.cloud.google.com/projectcreate
- Create a new Credential for the service: https://console.cloud.google.com/apis/credentials
- From the Create Credentials menu, select OAuth Client ID.
- The application type must be: Web Application
- Under Authorized redirect URIs, enter the UDMG Authentication Proxy callback URI.
- Click Create
- Keep the client id, the client secret and the JSON file for reference. They are needed to complete the setup on UDMG.
Reference:
...
```json
{
  "clientID": "client-id",
  "clientSecret": "client-secret",
  "redirectURI": "https://udmg.stonebranch.com:8080/service/auth/sso/google/callback",
  "hostedDomains": ["domain.com"]
}
```
...
Example with OpenID Provider
Before you begin
The Redirect URI (or callback URI) must be determined.
It will be in the form https://<FQDN>:<PORT>/service/auth/sso/openid/callback, where FQDN and PORT are the name and port for the host where the UDMG Authentication Proxy and NGINX server are installed.
For example https://udmg.stonebranch.com:8080/service/auth/sso/openid/callback.
Configuration on UDMG
To configure the SSO OpenID integration on UDMG Authentication Proxy, follow these steps.
...
- Add a file parameter with a filename, for example udmg-sso-openid.json
- Create this configuration file in the same location as the UDMG Authentication Proxy configuration file
- Fill in the clientID and clientSecret with the values from the setup on Google Cloud.
- Set the redirectURI with the callback URI for the UDMG Authentication Proxy.
```json
{
  "issuer": "https://accounts.google.com",
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://udmg.stonebranch.com:8080/service/auth/sso/openid/callback"
}
```
...
Example with OAuth2 Provider
Before you begin
The Redirect URI (or callback URI) must be determined.
It will be in the form https://<FQDN>:<PORT>/service/auth/sso/openid/callback, where FQDN and PORT are the name and port for the host where the UDMG Authentication Proxy and NGINX server are installed.
For example https://udmg.stonebranch.com:8080/service/auth/sso/openid/callback.
Configuration on OAuth2 identity provider
The following parameters must be known:
- Client ID
- Client Secret
- Token URL
- Authorization URL
- User Info URL
Scope and user email
The user email is needed for the identification of the user record in UDMG and must be returned by the identity provider.
The specific required scope depends on the identity provider.
In the case of OAuth2 with Google Cloud Provider, it is required to grant additional scopes for that purpose.
- On Google Cloud console, go to OAuth consent screen and edit the App.
- Under the Scopes step
- Grant the following scopes
- After clicking Update the scopes, they are listed under Your non-sensitive scopes
Configuration on UDMG
...
- Add a file parameter with a filename, for example udmg-sso-oauth.json
- Create this configuration file in the same location as the UDMG Authentication Proxy configuration file
- Fill in the clientID and clientSecret with the values from OAuth identity provider.
- Set the redirectURI with the callback URI for the UDMG Authentication Proxy.
- Set the tokenURL, authorizationURL and userInfoURL with the values from OAuth identity provider.
```json
{
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://udmg.stonebranch.com:8080/service/auth/sso/oauth/callback",
  "tokenURL": "https://oauth2.googleapis.com/token",
  "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
  "scopes": ["profile"],
  "insecureSkipVerify": true,
  "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
  "userIDKey": "sub"
}
```
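A pre-deployment check for the SSO JSON files shown on this page, as an added example that is not part of the UDMG documentation or product. The function name `audit_sso_config` and the finding texts are hypothetical, and the check assumes that `insecureSkipVerify` disables TLS certificate verification towards the identity provider, which the page does not state.

```python
import json
from urllib.parse import urlparse

# Keys that hold endpoint URLs in the page's sample files.
URL_KEYS = ("issuer", "redirectURI", "tokenURL", "authorizationURL", "userInfoURL")

def audit_sso_config(text, provider):
    """Return a list of findings for one SSO JSON file.

    provider is the path segment of the callback URI,
    /service/auth/sso/<provider>/callback (google, openid or oauth).
    """
    cfg = json.loads(text)
    findings = []
    # Every endpoint the proxy or the browser talks to should use TLS.
    for key in URL_KEYS:
        if key in cfg and urlparse(cfg[key]).scheme != "https":
            findings.append(f"{key}: not an https URL")
    # The callback path must match the provider type being configured.
    expected = f"/service/auth/sso/{provider}/callback"
    if urlparse(cfg.get("redirectURI", "")).path != expected:
        findings.append(f"redirectURI: path is not {expected}")
    # Assumption: this key turns off TLS certificate verification.
    if cfg.get("insecureSkipVerify") is True:
        findings.append("insecureSkipVerify: TLS certificate checks disabled")
    # Template values such as "<client-id>" must be replaced before use.
    for key in ("clientID", "clientSecret"):
        value = cfg.get(key, "")
        if not value or (value.startswith("<") and value.endswith(">")):
            findings.append(f"{key}: empty or placeholder")
    return findings

# The page's OAuth2 sample file, reproduced as input.
PAGE_SAMPLE = """{
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://udmg.stonebranch.com:8080/service/auth/sso/oauth/callback",
  "tokenURL": "https://oauth2.googleapis.com/token",
  "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
  "scopes": ["profile"],
  "insecureSkipVerify": true,
  "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
  "userIDKey": "sub"
}"""

if __name__ == "__main__":
    for finding in audit_sso_config(PAGE_SAMPLE, "oauth"):
        print(finding)
```

Run against the sample above, it reports the `insecureSkipVerify` setting and the two unreplaced placeholders; a file with real credentials and `insecureSkipVerify` set to false returns no findings.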
...