
SSO Google

Example Configuration:

[service.local]
protocol = "http"
policy = "failover"
admins = ["admin"]

[service.local.credential]
username = "user"
password = "password"

[[service.local.targets]]
hostname = "b2bmft.stonebranch.com"
port = 9180


Google Auth

Create a new Project under your google account: https://console.cloud.google.com/projectcreate

Create a new Credential for the service: https://console.cloud.google.com/apis/credentials

From the menu Create Credentials Select OAuth Client ID.

The application type must be: Web Application

Under Authorized redirect URIs, enter the exact URL at which the proxy will be reachable. For example:

https://<fqdn>:<port>/service/auth/sso/google/callback


Configure your application.

After you complete the form, copy the displayed fields or download the JSON file; it contains the credentials needed for the setup below.

Add the following table under your service, with file set to the path of the configuration file (relative to the service configuration):

[service.local.auth.google]
file = "sso-google-udmg.json"

Create that file with the values taken from the downloaded credentials:

{
    "clientID": "client-id",
    "clientSecret": "client-secret",
    "redirectURI": "<http-fqdn>/service/auth/sso/google/callback",
    "hostedDomains": ["domain.com"]
}

If you are going to use a public domain such as @gmail.com, do not set hostedDomains, since the hd parameter in the callback will be empty for such accounts.
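As an added example (not code from this page or from the proxy itself), the following Python shows how a callback handler should apply the hostedDomains setting above: the restriction is checked against the signed hd claim of the Google ID token, and a public @gmail.com account, which carries no hd claim, is rejected only when hostedDomains is configured. The config, token payloads and the proxy hostname are constructed placeholders; signature verification of the token is assumed to have happened already.

```python
import json
import time

# Constructed sample of the sso-google-udmg.json file shown on this page
# (placeholder values, not real credentials).
SSO_GOOGLE_CONFIG = json.loads("""
{
    "clientID": "client-id",
    "clientSecret": "client-secret",
    "redirectURI": "https://proxy.example.com/service/auth/sso/google/callback",
    "hostedDomains": ["domain.com"]
}
""")

# Google issues ID tokens with either form of the issuer string.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

# Constructed, already signature-verified ID token payloads (not real tokens).
WORKSPACE_CLAIMS = {"iss": "https://accounts.google.com", "aud": "client-id",
                    "sub": "1234567890", "email": "alice@domain.com",
                    "email_verified": True, "hd": "domain.com", "exp": 1_700_003_600}
GMAIL_CLAIMS = {"iss": "accounts.google.com", "aud": "client-id",
                "sub": "9876543210", "email": "bob@gmail.com",
                "email_verified": True, "exp": 1_700_003_600}  # no hd claim


def validate_google_claims(claims, config, now=None):
    """Decide whether a Google ID token payload may log in to the proxy.

    Returns (True, sub) on success or (False, reason) on rejection.  The
    domain restriction is enforced on the signed `hd` claim, never on an
    `hd` request parameter, which the browser (and so the user) controls.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "unexpected issuer"
    if claims.get("aud") != config["clientID"]:
        return False, "token issued for a different clientID"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if not claims.get("email_verified", False):
        return False, "email address not verified by Google"
    hosted = config.get("hostedDomains") or []
    if hosted:
        # Only Workspace accounts carry `hd`; a public @gmail.com account has
        # none, so with hostedDomains configured it is rejected here.
        if claims.get("hd") not in hosted:
            return False, f"account domain {claims.get('hd')!r} not in hostedDomains"
    return True, claims["sub"]  # `sub` is the stable user ID (cf. userIDKey)
```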


OpenID

https://console.cloud.google.com/apis/credentials

[service.local.auth.oidc]
file = "openid-config.json"

{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/openid/callback"
}

OAuth2

In the case of OAuth2 with the Google provider, you will need to grant some extra scopes, since by default the email is not included in the payload.

To grant the scopes, edit the app in the console.

Under the scope step, grant the following scopes.

After updating the scopes, they should be listed under Your non-sensitive scopes.

[service.local.auth.oauth]
file = "oauth-config.json"


{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
    "scopes": ["profile"],
    "insecureSkipVerify": true,
    "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
    "userIDKey": "sub"
}

The Google provider offers this OAuth2 setup in addition to the Google Auth and OpenID connectors above. The insecureSkipVerify setting shown in the example disables TLS certificate verification of the provider endpoints and should be left false outside of testing.
