Open Id Connect


Tried identity servers


  • Gluu

    • Problem with the access token.
    • The Gluu team suggests using an intermediate oxd server, which is confusing.

 


  • WSO2 Identity Server.

    • Claim management problem.
    • No OpenID Connect discovery
      • from the URL /.well-known/openid-configuration
      • requires manually editing the configuration.
  • Drupal.

    • Working Fine.
    • Server Settings.
      • install drupal
      • run on https
      • enable Oauth2 server and its dependencies
      • enable Openid connect library by adding the following two modules
        • Library API
        • Libraries
      • Do the plugin configuration
        • create server
        • create a client with a proper redirect URI
        • enable the scopes (openid email profile)
        • create a user with some credentials
  • WordPress

    • Requires License Key for the openid plugin
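When discovery is missing and the endpoints are entered by hand, as with WSO2 above, the resulting metadata can be checked before a client uses it. This Ruby sketch is an added example, not from the original notes; the provider https://idp.example.test, its endpoint paths and the helper names are assumptions.

```ruby
require 'json'
require 'uri'

# Metadata fields OpenID Connect Discovery 1.0 marks REQUIRED for every provider
# (token_endpoint is also required unless only the implicit flow is used).
REQUIRED_METADATA = %w[
  issuer authorization_endpoint jwks_uri response_types_supported
  subject_types_supported id_token_signing_alg_values_supported
].freeze
ENDPOINT_KEYS = %w[authorization_endpoint token_endpoint userinfo_endpoint jwks_uri].freeze

# URL a client fetches provider metadata from for a given issuer.
def discovery_url(issuer)
  "#{issuer.chomp('/')}/.well-known/openid-configuration"
end

# Returns the problems found in a metadata document; an empty list means usable.
def check_discovery(issuer, json_text)
  doc = JSON.parse(json_text)
  problems = REQUIRED_METADATA.reject { |k| doc.key?(k) }.map { |k| "missing #{k}" }
  # The issuer in the document must equal the issuer the client was configured with.
  problems << "issuer mismatch: #{doc['issuer']}" if doc['issuer'] && doc['issuer'] != issuer
  ENDPOINT_KEYS.each do |k|
    problems << "#{k} is not https" if doc[k] && URI.parse(doc[k]).scheme != 'https'
  end
  scopes = doc['scopes_supported']
  problems << 'scopes_supported lacks openid' if scopes && !scopes.include?('openid')
  problems
end

# Constructed sample metadata for a hypothetical provider, https://idp.example.test.
GOOD_METADATA = JSON.generate({
  'issuer' => 'https://idp.example.test',
  'authorization_endpoint' => 'https://idp.example.test/authorize',
  'token_endpoint' => 'https://idp.example.test/token',
  'jwks_uri' => 'https://idp.example.test/jwks',
  'response_types_supported' => ['code'],
  'subject_types_supported' => ['public'],
  'id_token_signing_alg_values_supported' => ['RS256'],
  'scopes_supported' => %w[openid email profile]
})
# Constructed hand-edited variant: wrong issuer, plain-http token URL, no jwks_uri.
BAD_METADATA = JSON.generate(
  JSON.parse(GOOD_METADATA)
      .merge('issuer' => 'https://other.example.test',
             'token_endpoint' => 'http://idp.example.test/token', 'scopes_supported' => ['email'])
      .reject { |k, _| k == 'jwks_uri' }
)
puts check_discovery('https://idp.example.test', BAD_METADATA)
```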

Tried client applications

  • wordpress
    • wordpress with gluu
      • problem with access token exists.
        • the access token provider is expired,revoked or malformed .Try to request a new access token.
    • wordpress with wso2
      • problem with the claim mapping using wordpress openid connect plugin.
        • It is confusing which OpenID claim dialect is used during OpenID Connect:
        • oidc/claim or wso2/claims
        • ambiguity in how the attributes are mapped from one claim to another.
      • ssl error with the openid connect generic plugin
    • wordpress with Drupal
      • working fine with wordpress openid connect plugin.
        • Do the server configuration.
        • Using the client ID and client secret obtained from Drupal, configure the WordPress OpenID Connect plugin.
  • orangehrm

    • orangehrm with drupal
      • working well after some plugin configuration.
      • edited the social media authentication plugin in the orangehrm.
        • put the openid connect library in
        • /var/www/html/orangehrm/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/vendor/GoogleAPIClient
        • edit the file in
        • /var/www/html/orangehrm/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/authproviders/GoogleAuthProvider.php
          • inside the function validate user.
          • $oClient = new OpenIDConnectClient('https://localhost/', $authProvider->getClientId(), $authProvider->getClientSecret());
            $oClient->setRedirectURL($provider->getProviderUrl());
            // Request the scopes enabled on the Drupal server.
            $oClient->addScope('openid');
            $oClient->addScope('email');
            $oClient->addScope('profile');
            // Run the authorization code flow against the provider.
            $oClient->authenticate();
            $name = $oClient->requestUserInfo('given_name');
            // Debug only: this dumps the client object, including the client secret and tokens.
            var_dump($oClient);
            // The email claim is used as the OrangeHRM username.
            $username = $oClient->requestUserInfo('email');
            $dataArray['providerid'] = $provider->getProviderId();
            $dataArray['useridentity'] = $oClient->getAccessToken();
            $success = $this->getOpenIdService()->setOpenIdCredentials($username, $dataArray);
            if ($success) {
                $flag = array('type' => 'true', 'message' => 'User has authentication!');
                return $flag;
            } else {
                $flag = array('type' => 'false', 'message' => 'User Account Not found');
                return $flag;
            }
          • add the following line to /var/www/html/orangehrm/symfony/cache/orangehrm/prod/config/config_autoload.yml.php
          • 'openidconnectclient' => '/var/www/html/orangehrm/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/vendor/GoogleAPIClient/OpenIDConnectClient.php'
          • to enable the library
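      • if verifyRSAJWTsignature is causing problems
      • set its return value to always be false to skip verification
      • skipping it means the client accepts ID tokens without checking the provider's signature, so this is a workaround for a local test setup only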
  • Redmine
    • redmine with drupal
      • working well after some plugin configuration.
        • installed redmine and configured ssl on port 8080
        • setup the omni auth open id connect google plugin for redmine
        • created a folder in /usr/share/redmine/plugin..
        • cd /usr/share/redmine/plugins
        • git clone https://github.com/twinslash/redmine_omniauth_google.git
        • cd ../
        • bundle install
        • go to /usr/share/redmine/plugins/redmine_omniauth_google/app/controllers/redmine_oauth_controller.rb
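          • for the SSL error on localhost, add the following two lines
            • require 'openssl'
            • OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
            • this redefines the constant globally, so certificate verification is turned off for every TLS client in the Redmine process that uses it, not only the connection to the local provider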
          • edit the provider URL, authorize URL, token URL and userinfo URL
          • add a state variable in the authorization request because state parameter is required for drupal.
          • edit the scopes to openid email profile.
          • change the code in the try_login_info function as
            • user = User.select(:lastname, :firstname, :status, :login, :must_change_passwd, :id).where(:mail => info["email"]).first_or_create
      • enable the logging
        • add the following to config/environments/production.rb
        • config.log_level = :debug
        • add the code
          • logger.debug() to view the log in /var/log/redmine/default/production.log
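What the skipped verifyRSAJWTsignature step protects, shown as an added Ruby example (not the PHP library's code and not from the original notes): an RS256 ID token is accepted only if the signature and the iss, aud and exp claims check out. The issuer URL, client id and helper names are assumptions, and the key pair is generated locally to stand in for the provider's signing key.

```ruby
require 'openssl'
require 'json'

class TokenError < StandardError; end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Returns the claims only if the RS256 signature and the iss/aud/exp claims check out.
def verify_id_token(jwt, public_key, issuer:, client_id:, now: Time.now.to_i)
  parts = jwt.split('.')
  raise TokenError, 'not a three-part JWT' unless parts.length == 3
  header = JSON.parse(b64url_decode(parts[0]))
  # Pin the algorithm so the token cannot select "none" or an HMAC variant.
  raise TokenError, 'unexpected alg' unless header['alg'] == 'RS256'
  signed_input = "#{parts[0]}.#{parts[1]}"
  digest = OpenSSL::Digest.new('SHA256')
  unless public_key.verify(digest, b64url_decode(parts[2]), signed_input)
    raise TokenError, 'bad signature'
  end
  claims = JSON.parse(b64url_decode(parts[1]))
  raise TokenError, 'wrong issuer' unless claims['iss'] == issuer
  raise TokenError, 'wrong audience' unless Array(claims['aud']).include?(client_id)
  raise TokenError, 'expired' unless claims['exp'].to_i > now
  claims
end

# Constructed fixture: signs a token the way a provider would, for the demo only.
def sample_token(private_key, claims)
  head = b64url_encode(JSON.generate({ 'alg' => 'RS256', 'typ' => 'JWT' }))
  body = b64url_encode(JSON.generate(claims))
  sig = private_key.sign(OpenSSL::Digest.new('SHA256'), "#{head}.#{body}")
  "#{head}.#{body}.#{b64url_encode(sig)}"
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # stands in for the provider's signing key
  token = sample_token(key, { 'iss' => 'https://idp.example.test', 'aud' => 'demo-client',
                              'sub' => '42', 'exp' => Time.now.to_i + 300 })
  p verify_id_token(token, key.public_key, issuer: 'https://idp.example.test',
                                           client_id: 'demo-client')
end
```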
