SSO Google
Example Configuration:
[service.local]
protocol = "http"
policy = "failover"
admins = ["admin"]
[service.local.credential]
username = "user"
password = "password"
[[service.local.targets]]
hostname = "b2bmft.stonebranch.com"
port = 9180
Google Auth
Create a new Project under your Google account: https://console.cloud.google.com/projectcreate
Create a new Credential for the service: https://console.cloud.google.com/apis/credentials
From the Create Credentials menu, select OAuth client ID and follow the steps.
The application type must be: Web Application
Under Authorized redirect URIs, enter the exact URL where the proxy will be reachable, for example:
https://<fqdn>:<port>/service/auth/sso/google/callback
For B2B:
https://b2bmft.stonebranch.com:9190/service/auth/sso/google/callback
Configure your application
After you complete the form, copy the following field or just download the JSON
file, which contains the credentials needed to prepare the setup.
Create the following instance under your service with the path to the configuration file:
[service.local.auth.google]
file = "sso-google-udmg.json"
Create the following file with the values from the downloaded JSON file:
{
  "clientID": "client-id",
  "clientSecret": "client-server",
  "redirectURI": "<http-fqdn>/service/auth/sso/google/callback",
  "hostedDomains": ["domain.com"]
}
OpenID
https://console.cloud.google.com/apis/credentials
[service.local.auth.oidc]
file = "openid-config.json"
{
  "issuer": "https://accounts.google.com",
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://<fqdn>/service/auth/sso/openid/callback"
}
OAuth2
[service.local.auth.oauth]
file = "oauth-config.json"
{
  "issuer": "https://accounts.google.com",
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
  "tokenURL": "https://oauth2.googleapis.com/token",
  "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
  "scopes": ["profile"],
  "insecureSkipVerify": true,
  "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
  "userIDKey": "sub"
}
Note: The Google provider offers a setup for OAuth2.
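Pre-deployment check for the provider JSON files above, as an added example that is not part of the product or of the original page. It flags leftover placeholders, a redirectURI that is not https or does not match the callback path shown for the section, a redirectURI that differs from the URIs registered in the Google console, and insecureSkipVerify set to true. The function name lint_sso_config is hypothetical, and the meaning of insecureSkipVerify (TLS certificate verification turned off) is assumed from its name.

```python
import json
from urllib.parse import urlparse

# Callback paths exactly as this page shows them, keyed by config section name.
CALLBACK_PATHS = {
    "google": "/service/auth/sso/google/callback",
    "oidc": "/service/auth/sso/openid/callback",
    "oauth": "/service/auth/sso/oauth/callback",
}
SAMPLE_VALUES = {"", "client-id", "client-server"}  # sample strings from the page

def lint_sso_config(provider, text, registered_redirects=()):
    """Return findings for one provider JSON file (hypothetical helper)."""
    cfg = json.loads(text)
    findings = []
    uri = cfg.get("redirectURI", "")
    parsed = urlparse(uri)
    if "<" in uri:
        findings.append("redirectURI still contains a placeholder")
    if parsed.scheme != "https":
        findings.append("redirectURI is not https")
    if parsed.path != CALLBACK_PATHS[provider]:
        findings.append("redirectURI path is not the %s callback" % provider)
    # The page asks for the exact URL, so compare as exact strings.
    if registered_redirects and uri not in registered_redirects:
        findings.append("redirectURI does not exactly match a registered URI")
    for key in ("clientID", "clientSecret"):
        value = cfg.get(key, "")
        if value in SAMPLE_VALUES or value.startswith("<"):
            findings.append("%s is empty or a sample value" % key)
    # Assumption: by its name, this turns off TLS certificate verification.
    if cfg.get("insecureSkipVerify") is True:
        findings.append("insecureSkipVerify is true")
    for key in ("issuer", "tokenURL", "authorizationURL", "userInfoURL"):
        if key in cfg and urlparse(cfg[key]).scheme != "https":
            findings.append("%s is not https" % key)
    return findings

# Constructed input: the OAuth2 sample from this page, trimmed to the checked keys.
PAGE_OAUTH_SAMPLE = json.dumps({
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "insecureSkipVerify": True,
})

if __name__ == "__main__":
    for finding in lint_sso_config("oauth", PAGE_OAUTH_SAMPLE):
        print("FINDING:", finding)
```

Pass the redirect URIs registered for the OAuth client as registered_redirects to catch mismatches such as a trailing slash or a different port before the first login attempt.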