]po[ Single Sign-On (SSO) with OAuth2

The ]po[ Single Sign-On package allows users to authenticate against one of the many available social login providers using the OAuth2 protocol. Currently, the package supports:

  • Google
  • Microsoft

Other providers will be added in the future or on demand.

Setup Google as Authentication Provider

Google is the easiest account to set up, so we use it as the reference example here.

You start by creating an "Auth Client" in Google using the Google Cloud platform. You only need a valid Google account. The use of OAuth2 is free (at the moment...).

The Google console for OAuth2 is available here:

Please create a new OAuth2 Client. In this example we take the data from the ]po[ demo server. This server is visible under two different URLs:

Here are the data you have to enter into the Google form:

  • Name: demo.project-open.net
  • Authorized JavaScript origins:
    • https://demo.project-open.net
    • https://po52demo.project-open.net
  • Authorized redirect URIs:
    • https://demo.project-open.net/intranet-oauth2/google
    • https://po52demo.project-open.net/intranet-oauth2/google

When saving these data, Google will create two values:

  • Client ID
  • Client secret

So the result should look similar to this:

[Screenshot: Google console]

Setting Parameters

In Admin -> Parameters -> intranet-oauth2 please enter the Client ID and the Client secret into the respective parameters. You can leave the other parameters empty:

[Screenshot: Login parameters]

Activate Social Login

There is a login screen for testing purposes: https://your_server/intranet-oauth2/index

The social login button on this screen will appear once the GoogleClientID parameter has a value.

To permanently activate social login for all users, you will have to edit the site-wide login page in /web/projop/www/index.adp. On a Linux server, you have to use Vi, Emacs or a similar editor. Please search for a line like this:

<include src="/packages/acs-subsite/lib/login" ...>

In this line, please replace "/packages/acs-subsite/lib/login" with "/packages/intranet-oauth2/lib/login".
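
The same edit can be scripted so that it leaves a backup and refuses to touch a customised login page. The following is an added example, not part of the ]po[ distribution; the function name switch_login_include is hypothetical, and it assumes the src attribute is written with double quotes as in the line above:

```shell
#!/bin/sh
# Added example (not shipped with ]po[): switch the site-wide login page
# from the stock login component to the intranet-oauth2 one.
OLD_SRC='/packages/acs-subsite/lib/login'
NEW_SRC='/packages/intranet-oauth2/lib/login'

# switch_login_include FILE  (hypothetical helper name)
# Returns 0 if FILE was switched or already uses NEW_SRC, 1 otherwise.
switch_login_include() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }

    # Already switched: nothing to do, so the script is safe to re-run.
    if grep -q "src=\"$NEW_SRC\"" "$file"; then
        echo "already using $NEW_SRC"
        return 0
    fi

    # Require exactly one line including the stock login component.
    # Anything else means the page was customised: edit it by hand.
    count=$(grep -c "src=\"$OLD_SRC\"" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 include of $OLD_SRC, found $count" >&2
        return 1
    fi

    # Timestamped backup, so the stock login can be restored if the
    # OAuth2 login stops working and locks users out.
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Rewrite only the src attribute; other attributes stay untouched.
    # Writing back with cat keeps the file's owner and permissions.
    tmp=$(mktemp) || return 1
    sed "s|src=\"$OLD_SRC\"|src=\"$NEW_SRC\"|" "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: sh this_script.sh /web/projop/www/index.adp
if [ "$#" -gt 0 ]; then
    switch_login_include "$1"
fi
```

To roll back, copy the .bak file over index.adp.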

Setup Microsoft as Authentication Provider

The Microsoft setup works exactly like the Google setup, except for two differences:

  • The setup is not free. You need to have a "Tenant" for your company, which only comes with a subscription.
  • You need to specify the Tenant ID in the ]po[ Microsoft parameters section in Admin -> Parameters -> intranet-oauth2.

 
