OpenID Connect integration

Hi,
I am looking at the OIDC documentation from here: http://docs.open-paas.org/apis/auth/oidc/#user-provisioning

Let’s say I integrated with Google authentication, how does the flow work now? If I go to the login page (http://publicip/login?continue=%2F#/), does it automatically redirect to the Google authentication page? If so, how do I log in as administrator or with the users I created in the OpenPaaS portal, please?

Thanks

Hello,

In the standard OIDC flow, you will be redirected to the OIDC provider login page and once logged in, you will be redirected to the OpenPaaS home page.

Here are some implementation details on the OpenPaaS side:

  • The OIDC strategy on the backend provisions users automatically on their first connection but
  • Users are provisioned in the OpenPaaS database on their first connection
  • The domain linked to the user must match the email domain; if not, it will fail
  • Admin management is not supported right now from OIDC

Thanks, @chamerling
Does it mean that once I set up OpenID Connect the admin login will no longer work? Like you said, the admin user password cannot be typed in the OIDC provider.
So what is the option for the admin to log in, please?

Thanks

It can work if you update the administrator directly in the database, but what we usually do is:

  1. Having a public ESN instance for users with OIDC and users use this one
  2. Having a private ESN instance for administrators, without OIDC, and admins use this one

Thanks @chamerling. You mean the private ESN should point to the same MongoDB? Is just the DB connection alone sufficient, or some other components as well?
(mongod,elasticsearch,cassandra,redis,rabbitmq-server,php-fpm,nginx,james)

Hello @wifaw,

The DB connection should be enough, but I am not sure the ESN service will start without all of them.