
SSO Google

Example Configuration:

[service.local]
protocol = "http"
policy = "failover"
admins = ["admin"]

[service.local.credential]
username = "user"
password = "password"

[[service.local.targets]]
hostname = "b2bmft.stonebranch.com"
port = 9180


Google Auth

Create a new project under your Google account: https://console.cloud.google.com/projectcreate

Create a new Credential for the service: https://console.cloud.google.com/apis/credentials

From the Create Credentials menu, select OAuth client ID.

The application type must be: Web Application

Under Authorized redirect URIs, enter the exact URL where the proxy will be reachable. For example:

https://<fqdn>:<port>/service/auth/sso/google/callback

For B2B:

https://b2bmft.stonebranch.com:9190/service/auth/sso/google/callback

Configure your application.

After you complete the form, copy the fields shown or download the JSON file; it contains the credentials needed for this setup.

Create the following section under your service, with file set to the path of the configuration file:

[service.local.auth.google]
file = "sso-google-udmg.json"

Create that file with the values from the downloaded JSON file:

{
    "clientID": "client-id",
    "clientSecret": "client-server",
    "redirectURI": "<http-fqdn>/service/auth/sso/google/callback",
    "hostedDomains": ["domain.com"]
}

If you are going to use a public domain, such as @gmail.com, do not set hostedDomains, because the hd parameter in the callback will be empty.


OpenID

https://console.cloud.google.com/apis/credentials

[service.local.auth.oidc]
file = "openid-config.json"

Contents of openid-config.json:

{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/openid/callback"
}

OAuth2

[service.local.auth.oauth]
file = "oauth-config.json"

Contents of oauth-config.json:

{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
    "scopes": ["profile"],
    "insecureSkipVerify": true,
    "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
    "userIDKey": "sub"
}


The Google provider offers a setup for OAuth2.
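A pre-deployment check for the three SSO JSON files above, as an added example that is not part of the product: it compares redirectURI with the Authorized redirect URIs registered in the Google console and reports leftover placeholders, public domains in hostedDomains, and insecureSkipVerify. The function name, the public-domain list and the sample values are constructed; what insecureSkipVerify does is inferred from its name and is not stated on this page.

```python
import json
from urllib.parse import urlsplit

# Callback path per provider section, as shown on this page.
CALLBACK_PATHS = {
    "google": "/service/auth/sso/google/callback",
    "oidc": "/service/auth/sso/openid/callback",
    "oauth": "/service/auth/sso/oauth/callback",
}
PUBLIC_DOMAINS = {"gmail.com", "googlemail.com"}  # constructed list, extend as needed


def lint_sso_config(provider, raw_json, registered_uris):
    """Return a list of findings for one SSO JSON file (empty list = clean)."""
    cfg = json.loads(raw_json)
    findings = []
    uri = cfg.get("redirectURI", "")
    parts = urlsplit(uri)
    if parts.scheme != "https":
        findings.append("redirectURI is not https")
    if parts.path != CALLBACK_PATHS[provider]:
        findings.append("redirectURI path does not match the %s callback" % provider)
    # The page asks for the exact URL, so compare verbatim (scheme, host, port, path).
    if uri not in registered_uris:
        findings.append("redirectURI is not among the Authorized redirect URIs")
    for key in ("clientID", "clientSecret"):
        value = cfg.get(key, "")
        if not value or value.startswith("<") or value in ("client-id", "client-server"):
            findings.append("%s still holds a placeholder" % key)
    public = PUBLIC_DOMAINS & {d.lower() for d in cfg.get("hostedDomains", [])}
    if public:
        findings.append("hostedDomains lists public domain(s): %s" % ", ".join(sorted(public)))
    # Assumption: the key name suggests TLS certificate checks are skipped.
    if cfg.get("insecureSkipVerify") is True:
        findings.append("insecureSkipVerify is true")
    return findings


# Constructed sample, modelled on the OAuth2 file above.
SAMPLE = """{
  "clientID": "1234.apps.example", "clientSecret": "s3cr3t-constructed",
  "redirectURI": "https://b2bmft.stonebranch.com:9190/service/auth/sso/oauth/callback",
  "insecureSkipVerify": true
}"""
REGISTERED = ["https://b2bmft.stonebranch.com:9190/service/auth/sso/oauth/callback"]

if __name__ == "__main__":
    for finding in lint_sso_config("oauth", SAMPLE, REGISTERED):
        print("FINDING:", finding)
```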


