Difference between revisions of "WISE-PaaS/Single Sign-On(SSO)"

From ESS-WIKI

Revision as of 07:41, 10 January 2017

WISE-PaaS/OpenID is part of the Advantech WISE-PaaS cloud solution and plays an important role in the interoperability of Internet identity. It provides a central login mechanism.

WISE-PaaS/OpenID Connect utilizes Keycloak, an open source identity and access management solution for modern applications and services.


Features Overview

Single-Sign On : Login once to multiple applications

Standard Protocols : OpenID Connect, OAuth 2.0 and SAML 2.0

Centralized Management : For admins and users

Adapters : Secure applications and services easily

High Performance : Lightweight, fast and scalable

Clustering : For scalability and availability

Themes : Customize look and feel

Extensible : Customize through code

Password Policies : Customize password policies


Implementation

Apply for a manager account for the OpenID Central Server

Please send a request to the WISE-Paas/OpenID Connect service manager by e-mail, and provide the following information:

  • Service name : [RMM] as your realm.
  • Client name : [RMMClient] a client definition for an app to log in.
  • User registration : [True/False] Enable/Disable user registration.
  • Administrator account : [RMMAdmin] Use this account to manage this realm. The default password is the same as the account name. Change the password after the first login.

Setting your service on OpenID server

Open https://openidserver.redirectme.net:8443/auth/admin/ and log in with the administrator account you applied for to configure your realm before implementing your client app.

  • (Essential) Public key : The OpenID server generates a unique key for client app identification. Copy the public key into the JSON settings file included in the client app.
  • (Essential) Valid Redirect URIs & Web Origins : Provide a valid URI pattern for your client app. The OpenID server redirects to your client page after a successful login or logout. Your client page must be publicly accessible.
  • (Optional) User registration : 

Implement client code

....

Sample code

OpenID.json : Replace realm, realm-public-key, client-id and resource according to your realm settings

{
  "realm": "RMM",
  "realm-public-key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXyx5rl6laDJKt5vvz1lNYsrDgNHZKetagmr81IyvTuYpWQFwJwnai5pNQxfa6jgFBPiOg+pwD7jAfCgQghqWZFWVqPkL+Wt1PXEAXkg54yz9+oCrahsHZPoaQyWhTyf8StBqFUZurA7HkfRqPFINge5xo0jlkjVTcGUUTD/4HzEXc9tYdI1wqv9Ymd+eWG/uhYMu67DvzdNg/aIgxp5U7kYWZiyApjZH4ymP7fEWyFSSRSM/IwWKuW1Lc22w2nEU4RozZ5WF7QoOsjGB7ya62wwJN9UC+v+AgtUDy0VDkiDWruSz9pFQhTyWS1ITh9qoZerJdhu47eHPNKhoGVJpwIDAQAB",
  "auth-server-url": "https://openidserver.redirectme.net:8443/auth",
  "ssl-required": "all requests",
  "client-id": "RMMClient",
  "public-client": true,
  "resource":"RMMClient"
}
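
A sanity check for a file shaped like OpenID.json above, as an added example that is not part of the original page or of the WISE-PaaS project. It confirms that the required fields are present, that auth-server-url is HTTPS, that a public-client file carries no `credentials` entry (the Keycloak adapter key that holds a confidential client's secret), and that realm-public-key decodes to an RSA SubjectPublicKeyInfo. The function names, the 2048-bit minimum and the dummy sample key are assumptions of this example.

```python
import base64
import json
from urllib.parse import urlparse

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(b64_key):
    """Modulus size of a base64 DER SubjectPublicKeyInfo (the realm-public-key format)."""
    spki, _ = _tlv(base64.b64decode(b64_key, validate=True), 0, 0x30)
    alg, pos = _tlv(spki, 0, 0x30)
    if alg != bytes.fromhex("06092a864886f70d0101010500"):  # OID rsaEncryption + NULL
        raise ValueError("not an RSA key")
    bits, _ = _tlv(spki, pos, 0x03)      # BIT STRING; its first byte counts unused bits
    rsa_key, _ = _tlv(bits, 1, 0x30)     # RSAPublicKey SEQUENCE
    modulus, _ = _tlv(rsa_key, 0, 0x02)  # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def lint_config(text):
    """Return findings for an adapter file shaped like the page's OpenID.json."""
    cfg = json.loads(text)
    required = ("realm", "realm-public-key", "auth-server-url", "client-id", "resource")
    findings = [f"missing {k}" for k in required if not cfg.get(k)]
    if urlparse(str(cfg.get("auth-server-url") or "")).scheme != "https":
        findings.append("auth-server-url is not https")
    if cfg.get("public-client") and "credentials" in cfg:
        findings.append("public client file carries credentials")
    try:
        bits = rsa_modulus_bits(str(cfg.get("realm-public-key") or ""))
        if bits < 2048:  # minimum chosen for this example
            findings.append(f"realm-public-key is only {bits}-bit RSA")
    except ValueError as exc:  # also covers invalid base64 (binascii.Error)
        findings.append(f"realm-public-key unusable: {exc}")
    return findings

# Constructed sample: valid DER framing around a dummy 2048-bit modulus, not a real key.
SAMPLE_KEY = base64.b64encode(bytes.fromhex("30820122300d06092a864886f70d0101010500"
    "0382010f003082010a0282010100") + b"\xc3" * 256 + bytes.fromhex("0203010001")).decode()
SAMPLE = json.dumps({"realm": "RMM", "realm-public-key": SAMPLE_KEY, "public-client": True,
    "auth-server-url": "https://openidserver.redirectme.net:8443/auth",
    "client-id": "RMMClient", "resource": "RMMClient"})
```

`lint_config(SAMPLE)` returns an empty list; a truncated key, an `http://` server URL or a leftover `credentials` block each produce one finding.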

TestOpenID.html : An example HTML login client for WISE-PaaS OpenID Connect

HTML