SSO Google
Example Configuration:
[service.local]
protocol = "http"
policy = "failover"
admins = ["admin"]

[service.local.credential]
username = "user"
password = "password"

[[service.local.targets]]
hostname = "b2bmft.stonebranch.com"
port = 9180
Google Auth
Create a new project under your Google account: https://console.cloud.google.com/projectcreate
Create a new Credential for the service: https://console.cloud.google.com/apis/credentials
From the Create Credentials menu, select OAuth Client ID.
The application type must be: Web Application
Under Authorized redirect URIs, enter the exact URL where the proxy will be. For example:
https://<fqdn>:<port>/service/auth/sso/google/callback
For B2B:
https://b2bmft.stonebranch.com:9190/service/auth/sso/google/callback
Configure your application.
After you complete the form, copy the credential fields or download the JSON file, which contains the credentials needed for this setup.
Add the following section under your service, with file set to the path of the SSO configuration file:
[service.local.auth.google]
file = "sso-google-udmg.json"
Create the following file with the values from the downloaded JSON file:
{
  "clientID": "client-id",
  "clientSecret": "client-server",
  "redirectURI": "<http-fqdn>/service/auth/sso/google/callback",
  "hostedDomains": ["domain.com"]
}
If you are going to use a public domain, such as @gmail.com, do not set hostedDomains, since the hd parameter in the callback will be empty.
OpenID
https://console.cloud.google.com/apis/credentials
[service.local.auth.oidc]
file = "openid-config.json"

{
  "issuer": "https://accounts.google.com",
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://<fqdn>/service/auth/sso/openid/callback"
}
OAuth2
[service.local.auth.oauth]
file = "oauth-config.json"

{
  "issuer": "https://accounts.google.com",
  "clientID": "<client-id>",
  "clientSecret": "<client-secret-id>",
  "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
  "tokenURL": "https://oauth2.googleapis.com/token",
  "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
  "scopes": ["profile"],
  "insecureSkipVerify": true,
  "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
  "userIDKey": "sub"
}
The Google provider offers a setup for OAuth2.
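A pre-deployment check for the three JSON files described on this page, as an added example that is not part of the original documentation or the product: it flags placeholder credentials, non-HTTPS URLs, a redirect path that does not match the provider's callback, insecureSkipVerify set to true, and a public domain in hostedDomains. The function name, the sample values and the reading of insecureSkipVerify as disabling TLS certificate verification are assumptions.

```python
import json
from urllib.parse import urlsplit

# Callback path pattern taken from the page: /service/auth/sso/<provider>/callback
CALLBACK = "/service/auth/sso/{provider}/callback"
PUBLIC_DOMAINS = {"gmail.com"}  # the public domain the page names; extend as needed


def lint_sso_config(text, provider):
    """Return findings for one SSO JSON file (provider: google, openid or oauth)."""
    cfg = json.loads(text)
    findings = []
    for key in ("clientID", "clientSecret", "redirectURI"):
        value = cfg.get(key, "")
        if not value or "<" in value:
            findings.append(f"{key}: missing or still a placeholder")
    uri = urlsplit(cfg.get("redirectURI", ""))
    if uri.scheme != "https":
        findings.append("redirectURI: must use https")
    if uri.path != CALLBACK.format(provider=provider):
        findings.append("redirectURI: path does not match the provider callback")
    # Endpoint URLs (present in the OpenID and OAuth2 files) must also be https.
    for key in ("issuer", "tokenURL", "authorizationURL", "userInfoURL"):
        if key in cfg and urlsplit(cfg[key]).scheme != "https":
            findings.append(f"{key}: must use https")
    # Assumption: this key turns off TLS certificate verification towards the provider.
    if cfg.get("insecureSkipVerify") is True:
        findings.append("insecureSkipVerify: true (assumed to disable TLS certificate checks)")
    # Per the page, the hd parameter is empty for public domains, so the filter cannot match.
    for domain in cfg.get("hostedDomains", []):
        if domain.lower() in PUBLIC_DOMAINS:
            findings.append(f"hostedDomains: {domain} is a public domain, hd will be empty")
    return findings


# Constructed sample: a shortened OAuth2 file in the page's layout, with made-up values.
SAMPLE_OAUTH = """{
  "issuer": "https://accounts.google.com",
  "clientID": "constructed-client-id",
  "clientSecret": "constructed-secret",
  "redirectURI": "https://proxy.example.test:9190/service/auth/sso/oauth/callback",
  "tokenURL": "https://oauth2.googleapis.com/token",
  "insecureSkipVerify": true
}"""

if __name__ == "__main__":
    for finding in lint_sso_config(SAMPLE_OAUTH, "oauth"):
        print(finding)
```

Run it against each file before restarting the service; an empty list means none of these checks fired.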