OIDC Settings file

Hi,
I am trying to integrate OpenPaaS with an OIDC server. I installed https://github.com/linagora/linagora.esn.oidc and did the npm install, and all is good. The next step is to provide the information about the OIDC server, which is described here: https://docs.open-paas.org/apis/auth/oidc/#oidc-configuration. Where should I put this configuration please? Is it a file or a screen in OpenPaaS admin?

Thanks

Hi Guys,
Any update on this please?
@chamerling @phamtuanchip @dtpham

Simply, where should I put this configuration please (file or UI screen etc.):

Thanks,

Hello @yetiho6774
What do you want to do with OIDC?

For the configuration, OpenPaaS does not support a configuration UI page for this yet; instead, you need to touch the DB and save it in the “Configuration” collection, at platform-wide level (domain_id is null).

@tuanlc, Thanks for that information. I am trying to integrate Google Authentication with OpenPaaS. I want OpenPaaS to redirect to the Google login page when I go to the OpenPaaS login page. I hope this can be done with those settings? I don’t see a “redirect_url” to redirect back to OpenPaaS after successful authentication in Google. Also, should I be using the “access code” grant for this please?

Thanks!

Hmmm. Seems the OAuth feature is what you need.

To enable OAuth strategies, check this document

The document is quite out of date at Global configuration, since OpenPaaS now supports a configuration interface.

To configure social providers, you need to log in as a platform admin, then go to Administration page => Platform mode => Social connections

Result

Hi @tuanlc,
Thanks again for the detailed information. I might have misled you here. I am trying to do Single Sign On with our own Identity server. I took Google as an example, but it doesn’t seem like it is a good example in this context. Our own Identity server can create an AppID and client secret, and has a login page to log in. We want to use that feature to log in. I was looking at the link below and trying to set up the SSO. Also, we are planning to use LinShare as well.

https://docs.open-paas.org/apis/auth/index/

If my assumption is still valid for SSO, in which section should I be adding the config here please:

Thanks

Hi @tuanlc,
I made the changes in MongoDB (first section where domain is null), also enabled the oidc module in config/default.json, and restarted all services. (I did npm install to install the oidc module; the module is in node_modules and not the modules folder.) Still I am seeing the OpenPaaS login screen. Can you please guide me on how to see the logs in this authentication flow to debug this issue?

Thanks

Hi Guys,
Can you please suggest some instructions on checking some logs to see why it doesn’t go to the identity server’s login page?

@tuanlc @phamtuanchip @chamerling
Thanks

Hello,

Did you update the configuration file in config/default.json and add oidc in apiStrategies?

@chamerling, Yes. I did modify that.
Is it using Code grant?
I looked at some documentation and it is mentioned that the email domain should match in both places. How do I set up the domain in OpenPaaS please? Let’s say my SSO users have user@myofficemail.com as an email account. Do I need to create something in OpenPaaS with myofficemail.com? If so, how to do that please?

You can change the domain name directly in the MongoDB domains collection. By default you should have only one document. Edit it to update the name to myofficemail.com