Difference between revisions of "WISE-PaaS/Single Sign-On(SSO)"
From ESS-WIKI
Dylan.chang (talk | contribs) |
Dylan.chang (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | + | <font color="#000000">WISE-PaaS/OpenID is part of Advantech WISE-PaaS cloud solution and </font>plays an important role in the interoperability of Internet identity<font color="#000000">.</font> It provides a central login mechanism. | |
| − | + | ||
| − | + | <font color="#000000">WISE-PaaS/OpenID Connect utilizes Keycloak which is an open source identity and access management for modern applications and services.</font> | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | == Features Overview == | |
| − | + | ||
| − | + | Single-Sign On : Login once to multiple applications | |
| − | + | ||
| − | + | Standard Protocols : OpenID Connect, OAuth 2.0 and SAML 2.0 | |
| − | + | ||
| − | + | Centralized Management : For admins and users | |
| − | + | ||
| − | + | Adapters : Secure applications and services easily | |
| − | + | ||
| − | + | High Performance : Lightweight, fast and scalable | |
| − | + | ||
| − | + | Clustering : For scalability and availability | |
| − | + | ||
| − | + | Themes : Customize look and feel | |
| − | + | ||
| − | + | Extensible : Customize through code | |
| − | + | ||
| − | + | Password Policies : Customize password policies | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | == Implementation == | |
| − | + | ||
| − | + | === Apply a manager account for OpenID Central Server === | |
| − | + | ||
| − | + | ''Please sen a request to <a href="WISE-Paas%2FOpenID%20Connect%20service%20manager">WISE-Paas/OpenID Connect service manager</a> by E-mail. And provide the following information'' | |
| − | + | ||
| − | + | *Service name : [''RMM''] as your realm. | |
| − | + | *Client name : [''RMMClient''] a client definition for a app to login in. | |
| − | + | *User registration : [''True/False''] Enable/Disable user registeration. | |
| − | + | *Administrator account : [''RMMAdmin''] Use this account to manage this realm. The default password is same as account name. Change password after first login. | |
| − | + | ||
| − | + | === Setting your service on OpenID server === | |
| − | <pre | + | |
| − | + | Open the <a href="[https://openidserver.redirectme.net:8443/auth/admin/ https://openidserver.redirectme.net:8443/auth/admin/]" alt="[https://openidserver.redirectme.net:8443/auth/admin/ https://openidserver.redirectme.net:8443/auth/admin/]" title="[https://openidserver.redirectme.net:8443/auth/admin/ https://openidserver.redirectme.net:8443/auth/admin/]">[https://openidserver.redirectme.net:8443/auth/admin/ https://openidserver.redirectme.net:8443/auth/admin/]</a> and login with applied administrator account to config your realm before implement your client app. | |
| + | |||
| + | *(Essential) Public key : OpenID server generate a unique key for client app identification. Copy the public key to json setting file include in the client app . | ||
| + | *(Essential) Valid Redirect URIs & Web Origins : Provide valid uri pattern for your client app. OpenID server would redirect to your client page while a successful login or logout. Your client page must be publicly accessible. | ||
| + | *(Optional) User registration : | ||
| + | |||
| + | === Implement client codes === | ||
| + | |||
| + | ''....'' | ||
| + | |||
| + | == Sample code == | ||
| + | |||
| + | OpenID.json | ||
| + | |||
| + | '''Result:''' | ||
| + | <pre>{ | ||
| + | "name": "Jurassic World", | ||
| + | "width": 1920, | ||
| + | "height": 1080, | ||
| + | "frame rate": {15, 25, 30} | ||
| + | "info": { | ||
| + | "video": ["H264","6000"], | ||
| + | "audio": ["AAC", "14400"] | ||
| + | } | ||
| + | }</pre> | ||
Revision as of 06:20, 10 January 2017
WISE-PaaS/OpenID is part of Advantech WISE-PaaS cloud solution and plays an important role in the interoperability of Internet identity. It provides a central login mechanism.
WISE-PaaS/OpenID Connect utilizes Keycloak which is an open source identity and access management for modern applications and services.
Contents
Features Overview
Single-Sign On : Login once to multiple applications
Standard Protocols : OpenID Connect, OAuth 2.0 and SAML 2.0
Centralized Management : For admins and users
Adapters : Secure applications and services easily
High Performance : Lightweight, fast and scalable
Clustering : For scalability and availability
Themes : Customize look and feel
Extensible : Customize through code
Password Policies : Customize password policies
Implementation
Apply a manager account for OpenID Central Server
Please sen a request to <a href="WISE-Paas%2FOpenID%20Connect%20service%20manager">WISE-Paas/OpenID Connect service manager</a> by E-mail. And provide the following information
- Service name : [RMM] as your realm.
- Client name : [RMMClient] a client definition for a app to login in.
- User registration : [True/False] Enable/Disable user registeration.
- Administrator account : [RMMAdmin] Use this account to manage this realm. The default password is same as account name. Change password after first login.
Setting your service on OpenID server
Open the <a href="https://openidserver.redirectme.net:8443/auth/admin/" alt="https://openidserver.redirectme.net:8443/auth/admin/" title="https://openidserver.redirectme.net:8443/auth/admin/">https://openidserver.redirectme.net:8443/auth/admin/</a> and login with applied administrator account to config your realm before implement your client app.
- (Essential) Public key : OpenID server generate a unique key for client app identification. Copy the public key to json setting file include in the client app .
- (Essential) Valid Redirect URIs & Web Origins : Provide valid uri pattern for your client app. OpenID server would redirect to your client page while a successful login or logout. Your client page must be publicly accessible.
- (Optional) User registration :
Implement client codes
....
Sample code
OpenID.json
Result:
{
"name": "Jurassic World",
"width": 1920,
"height": 1080,
"frame rate": {15, 25, 30}
"info": {
"video": ["H264","6000"],
"audio": ["AAC", "14400"]
}
}