Article Name: SSO Configuration
Category/Module: Administration
Tags: SSO, Setup, Manage
Version: 3.8.1
Date Updated: 28 Dec 2016
The Single Sign-On feature is an safe alternative to credential loss. This User Authentication service that permits a user to use one set of login credentials (e.g. name and password) to access multiple applications.
- Authentication
SSO Configuration (Google Authentication)
1) Go to OpenEMIS Core
2) Go Administration > System Setup > System Configurations
3) Select Authentication for dropdown list
4) Select Edit button
5) Select Value = Google
6) Go to https://console.developers.google.com/
7) Login using your Google Account, and you will be re-directed to the homepage of Google console Developer.
8) Select on Create Project option from the Drop-Down list.
9) Enter the Project Name, and select on Create button.
10) Page will re-directed to the created project displayed above, go to Credentials tab.
11) Select on Create credentials > OAuth client ID
12) Select on Configure consent screen.
13) Enter the Product Name > Save.
14) Select on Web application radio button, we will have to go back to OpenEMIS Core and copy the Redirect URI text and copy to the Authorised redirect URIs field in the Google Developer Console Credentials > Create.
15) Page will display the Client ID and Client Secret, which you will have to copy and paste it into the respective fields in OpenEMIS Core.
16) Select to Allow User Creation > Save.
17) Once you logout and login, you will no longer see fields to login your credentials, select Login.
18) You will be able to login successfully and view the modules, based on the permission access.
SSO Configuration (OAuth 2.0 with OpenID Connect)
1) Go to OpenEMIS Core (demo.openemis.org/core)
2) Go Administration > System Setup > System Configurations
3) Select Authentication for dropdown list
4) Select Edit button
5) Select Value = OAuth 2.0 with OpenID Connect
6) Enter OpenID Configuration URI. In this case, enter: https://dmo-prd.openemis.org/portal/.well- known/openid-configuration
The following URI will be auto populated
o Authentication URI
o Token URI
o User Information URI
o Issuer
o Public Key URI
7) Enter Username Mapping as user_login
8) Go to Portal (eg. https://demo.openemis.org/portal/wp-admin)
9) Login with Username and Password
10) Go to OAuth Server > Settings
11) Select Clients tab > Add New Client
12) Enter the Client Name, Copy the “Redirect URI” from Core (please refer screenshot Step 3 or 4)\ Paste in Portal’s “Redirect URI”
13) Select Add Client button
14) Copy Client ID from Portal and paste into Core Client ID.
15) Select on the Client Name that has been created in Step 12 > “Show Secret”
16) Copy Client Secret and paste into Core Client Secret > Save
17) Open a new browser > Enter https://demo.openemis.org/core > Ensure the system direct user to portal website
18) Enter the URL in order to switch products using same user login
19) Repeat step 1 to 17 for Dashboard and Integrator