Difference between revisions of "WISE-PaaS/Single Sign-On(SSO)"

From ESS-WIKI
Jump to: navigation, search
Line 1: Line 1:
<font color="#000000">WISE-PaaS/OpenID is part of Advantech WISE-PaaS cloud solution and &nbsp;</font>plays an important role in the interoperability of Internet identity<font color="#000000">.</font>&nbsp;It provides a central login&nbsp;mechanism.
+
<p><font color="#000000">WISE-PaaS/OpenID is part of Advantech WISE-PaaS cloud solution and &#160;</font>plays an important role in the interoperability of Internet identity<font color="#000000">.</font>&#160;It provides a central login&#160;mechanism.
 
+
</p><p><font color="#000000">WISE-PaaS/OpenID Connect utilizes Keycloak which is&#160;an open source identity and access management for modern applications and services.</font>
<font color="#000000">WISE-PaaS/OpenID Connect utilizes Keycloak which is&nbsp;an open source identity and access management for modern applications and services.</font>
+
</p><p>
 
+
</p>
 
+
<h2> Features Overview </h2>
 
+
<p>Single-Sign On&#160;:&#160;Login once to multiple applications
== Features Overview ==
+
</p><p>Standard Protocols&#160;:&#160;OpenID Connect, OAuth 2.0 and SAML 2.0
 
+
</p><p>Centralized Management&#160;:&#160;For admins and users
Single-Sign On&nbsp;:&nbsp;Login once to multiple applications
+
</p><p>Adapters&#160;:&#160;Secure applications and services easily
 
+
</p><p>High Performance&#160;:&#160;Lightweight, fast and scalable
Standard Protocols&nbsp;:&nbsp;OpenID Connect, OAuth 2.0 and SAML 2.0
+
</p><p>Clustering&#160;:&#160;For scalability and availability
 
+
</p><p>Themes&#160;:&#160;Customize look and feel
Centralized Management&nbsp;:&nbsp;For admins and users
+
</p><p>Extensible&#160;:&#160;Customize through code
 
+
</p><p>Password Policies&#160;:&#160;Customize password policies
Adapters&nbsp;:&nbsp;Secure applications and services easily
+
</p><p>
 
+
</p>
High Performance&nbsp;:&nbsp;Lightweight, fast and scalable
+
<h2> Implementation </h2>
 
+
<h3> Apply a manager account for OpenID Central Server </h3>
Clustering&nbsp;:&nbsp;For scalability and availability
+
<p><i>Please sen a request to <a href="WISE-Paas%2FOpenID%20Connect%20service%20manager">WISE-Paas/OpenID Connect service manager</a> by E-mail. And provide the following information</i>
 
+
</p>
Themes&nbsp;:&nbsp;Customize look and feel
+
<ul><li>Service name&#160;: [<i>RMM</i>] as your&#160;realm.
 
+
</li>
Extensible&nbsp;:&nbsp;Customize through code
+
<li>Client name&#160;: [<i>RMMClient</i>] a client definition for a app to login in.
 
+
</li>
Password Policies&nbsp;:&nbsp;Customize password policies
+
<li>User registration&#160;: [<i>True/False</i>] Enable/Disable user registeration.
 
+
</li>
 
+
<li>Administrator account&#160;: [<i>RMMAdmin</i>] Use this account to manage this realm. The default password is same as account name. Change password after first login.
 
+
</li></ul><h3> Setting your service on OpenID server </h3>
== Implementation ==
+
<p>Open the <a href="https://openidserver.redirectme.net:8443/auth/admin/" alt="https://openidserver.redirectme.net:8443/auth/admin/" title="https://openidserver.redirectme.net:8443/auth/admin/">https://openidserver.redirectme.net:8443/auth/admin/</a>&#160;and login with applied administrator account to&#160;config your realm before implement your client app.
 
+
</p>
=== Apply a manager account for OpenID Central Server ===
+
<ul><li>(Essential) Public key&#160;:&#160;OpenID server generate a unique key for client app identification. Copy the public key to json setting file include in the client app .
 
+
</li>
''Please sen a request to [[WISE-Paas/OpenID_Connect_service_manager|WISE-Paas/OpenID Connect service manager]] by E-mail. And provide the following information''
+
<li>(Essential) Valid Redirect URIs &amp;&#160;Web Origins&#160;: Provide valid uri pattern for your client app. OpenID server would redirect to your client page while a successful login or logout. Your client page must be publicly accessible.
 
+
</li>
*Service name&nbsp;: [''RMM''] as your&nbsp;realm.
+
<li>(Optional) User registration&#160;:&#160;
*Client name&nbsp;: [''RMMClient''] a client definition for a app to login in.
+
</li></ul><h3> Implement client codes </h3>
*User registration&nbsp;: [''True/False''] Enable/Disable user registeration.
+
<p><i>....</i>
*Administrator account&nbsp;: [''RMMAdmin''] Use this account to manage this realm. The default password is same as account name. Change password after first login.
+
</p>
 
 
=== Setting your service on OpenID server ===
 
 
 
Open the [https://openidserver.redirectme.net:8443/auth/admin/ https://openidserver.redirectme.net:8443/auth/admin/]&nbsp;and login with applied administrator account to&nbsp;config your realm before implement your client app.
 
 
 
*(Essential) Public key&nbsp;:&nbsp;OpenID server generate a unique key for client app identification. Copy the public key to json setting file include in the client app .
 
*(Essential) Valid Redirect URIs &&nbsp;Web Origins&nbsp;: Provide valid uri pattern for your client app. OpenID server would redirect to your client page while a successful login or logout. Your client page must be publicly accessible.
 
*(Optional) User registration&nbsp;:&nbsp;
 
 
 
=== Implement client codes ===
 
 
 
''....''
 
 
 
 
<h2> Sample code </h2>
 
<h2> Sample code </h2>
 
<p>OpenID.json
 
<p>OpenID.json
<pre class="fck_mw_syntaxhighlight"><syntaxhighlight lang="C">int JSON_Validator(const char *json);</syntaxhighlight></pre>
+
<pre class="fck_mw_syntaxhighlight">&lt;syntaxhighlight lang=&quot;C&quot;&gt;int JSON_Validator(const char *json);&lt;/syntaxhighlight&gt;</pre>
 
</p>
 
</p>

Revision as of 06:18, 10 January 2017

WISE-PaaS/OpenID is part of Advantech WISE-PaaS cloud solution and  plays an important role in the interoperability of Internet identity. It provides a central login mechanism.

WISE-PaaS/OpenID Connect utilizes Keycloak which is an open source identity and access management for modern applications and services.

Features Overview

Single-Sign On : Login once to multiple applications

Standard Protocols : OpenID Connect, OAuth 2.0 and SAML 2.0

Centralized Management : For admins and users

Adapters : Secure applications and services easily

High Performance : Lightweight, fast and scalable

Clustering : For scalability and availability

Themes : Customize look and feel

Extensible : Customize through code

Password Policies : Customize password policies

Implementation

Apply a manager account for OpenID Central Server

Please sen a request to <a href="WISE-Paas%2FOpenID%20Connect%20service%20manager">WISE-Paas/OpenID Connect service manager</a> by E-mail. And provide the following information

  • Service name : [RMM] as your realm.
  • Client name : [RMMClient] a client definition for a app to login in.
  • User registration : [True/False] Enable/Disable user registeration.
  • Administrator account : [RMMAdmin] Use this account to manage this realm. The default password is same as account name. Change password after first login.

Setting your service on OpenID server

Open the <a href="https://openidserver.redirectme.net:8443/auth/admin/" alt="https://openidserver.redirectme.net:8443/auth/admin/" title="https://openidserver.redirectme.net:8443/auth/admin/">https://openidserver.redirectme.net:8443/auth/admin/</a> and login with applied administrator account to config your realm before implement your client app.

  • (Essential) Public key : OpenID server generate a unique key for client app identification. Copy the public key to json setting file include in the client app .
  • (Essential) Valid Redirect URIs & Web Origins : Provide valid uri pattern for your client app. OpenID server would redirect to your client page while a successful login or logout. Your client page must be publicly accessible.
  • (Optional) User registration : 

Implement client codes

....

Sample code

OpenID.json 

<syntaxhighlight lang="C">int JSON_Validator(const char *json);</syntaxhighlight>

Retrieved from "https://ess-wiki.advantech.com.tw/wiki/index.php?title=WISE-PaaS/Single_Sign-On(SSO)&oldid=4947"