SSO Google

Example Configuration:

[service.local]
protocol = "http"
policy = "failover"
admins = ["admin"]

[service.local.credential]
username = "user"
password = "password"

[[service.local.targets]]
hostname = "b2bmft.stonebranch.com"
port = 9180


Google Auth

Create a new project under your Google account: https://console.cloud.google.com/projectcreate

Create a new Credential for the service: https://console.cloud.google.com/apis/credentials

From the Create Credentials menu, select OAuth client ID and follow the steps.

The application type must be: Web Application

Under Authorized redirect URIs, enter the exact URL where the proxy will be reachable, for example:

https://<fqdn>:<port>/service/auth/sso/google/callback

For B2B:

https://b2bmft.stonebranch.com:9190/service/auth/sso/google/callback

Configure your application


After you complete the form, copy the fields shown, or simply download the JSON file, which contains the credentials needed for our setup.

Create the following section under your service, pointing to the credentials file (path relative to the configuration file):

[service.local.auth.google]
file = "sso-google-udmg.json"

Create the following file with the values from the downloaded JSON file:

{
    "clientID": "client-id",
    "clientSecret": "client-secret",
    "redirectURI": "<http-fqdn>/service/auth/sso/google/callback",
    "hostedDomains": ["domain.com"]
}

If you are going to use a public domain, like @gmail.com, don't set hostedDomains, since the hd parameter in the callback will be empty.


OpenID

https://console.cloud.google.com/apis/credentials

[service.local.auth.oidc]
file = "openid-config.json"

Contents of openid-config.json:

{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/openid/callback"
}

OAuth2

[service.local.auth.oauth]
file = "oauth-config.json"

Contents of oauth-config.json:

{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
    "scopes": ["profile"],
    "insecureSkipVerify": true,
    "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
    "userIDKey": "sub"
}


The Google provider offers a setup for OAuth2.
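
The check below is an added example, not part of the original page or the product: it lints a provider JSON file like the ones above for settings worth reviewing before deployment. The sample values, the hostname proxy.example.com, the function name audit_sso_config, and the reading of insecureSkipVerify and hostedDomains are assumptions.

```python
import json
from urllib.parse import urlparse

# URL-valued keys used by the provider JSON files on this page.
URL_KEYS = ("issuer", "redirectURI", "tokenURL", "authorizationURL", "userInfoURL")
CALLBACK = "/service/auth/sso/{provider}/callback"  # callback path from the page

# Constructed sample modelled on the page's oauth-config.json (values are made up).
SAMPLE_OAUTH = json.loads("""{
    "issuer": "https://accounts.google.com",
    "clientID": "1234-example.apps.googleusercontent.com",
    "clientSecret": "constructed-secret-value",
    "redirectURI": "http://proxy.example.com:9190/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
    "scopes": ["profile"],
    "insecureSkipVerify": true,
    "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
    "userIDKey": "sub"
}""")


def audit_sso_config(provider, cfg):
    """Return findings for one provider file (provider: google, openid or oauth)."""
    findings = []
    for key in URL_KEYS:
        if key in cfg and urlparse(cfg[key]).scheme != "https":
            findings.append(f"{key}: not an https URL")
    if urlparse(cfg.get("redirectURI", "")).path != CALLBACK.format(provider=provider):
        findings.append("redirectURI: path is not this provider's callback")
    # Assumption: insecureSkipVerify turns off TLS certificate verification.
    if cfg.get("insecureSkipVerify") is True:
        findings.append("insecureSkipVerify: TLS certificate verification is off")
    for key in ("clientID", "clientSecret"):
        value = cfg.get(key, "")
        if not value or value.startswith(("<", "client-")):
            findings.append(f"{key}: missing or still a placeholder")
    # Assumption: with no hostedDomains, sign-in is not limited to one domain.
    if provider == "google" and not cfg.get("hostedDomains"):
        findings.append("hostedDomains: empty, sign-in is not limited to a domain")
    return findings


if __name__ == "__main__":
    for finding in audit_sso_config("oauth", SAMPLE_OAUTH):
        print("FINDING", finding)
```

An empty result means none of these checks fired; a hostedDomains finding is expected when public accounts such as @gmail.com are intentionally allowed.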


