WISE-PaaS/Single Sign-On(SSO)

From ESS-WIKI
Revision as of 06:20, 10 January 2017 by Dylan.chang (talk | contribs)
Jump to: navigation, search

WISE-PaaS/OpenID is part of Advantech WISE-PaaS cloud solution and  plays an important role in the interoperability of Internet identity. It provides a central login mechanism.

WISE-PaaS/OpenID Connect utilizes Keycloak which is an open source identity and access management for modern applications and services.


Features Overview

Single-Sign On : Login once to multiple applications

Standard Protocols : OpenID Connect, OAuth 2.0 and SAML 2.0

Centralized Management : For admins and users

Adapters : Secure applications and services easily

High Performance : Lightweight, fast and scalable

Clustering : For scalability and availability

Themes : Customize look and feel

Extensible : Customize through code

Password Policies : Customize password policies


Implementation

Apply a manager account for OpenID Central Server

Please sen a request to <a href="WISE-Paas%2FOpenID%20Connect%20service%20manager">WISE-Paas/OpenID Connect service manager</a> by E-mail. And provide the following information

  • Service name : [RMM] as your realm.
  • Client name : [RMMClient] a client definition for a app to login in.
  • User registration : [True/False] Enable/Disable user registeration.
  • Administrator account : [RMMAdmin] Use this account to manage this realm. The default password is same as account name. Change password after first login.

Setting your service on OpenID server

Open the <a href="https://openidserver.redirectme.net:8443/auth/admin/" alt="https://openidserver.redirectme.net:8443/auth/admin/" title="https://openidserver.redirectme.net:8443/auth/admin/">https://openidserver.redirectme.net:8443/auth/admin/</a> and login with applied administrator account to config your realm before implement your client app.

  • (Essential) Public key : OpenID server generate a unique key for client app identification. Copy the public key to json setting file include in the client app .
  • (Essential) Valid Redirect URIs & Web Origins : Provide valid uri pattern for your client app. OpenID server would redirect to your client page while a successful login or logout. Your client page must be publicly accessible.
  • (Optional) User registration : 

Implement client codes

....

Sample code

OpenID.json

Result:

{
    "name":       "Jurassic World",
    "width":      1920,
    "height":     1080,
    "frame rate": {15, 25, 30}
    "info": {
        "video": ["H264","6000"],
        "audio": ["AAC", "14400"]
    }
}