move client configuration to their own pages

Ralf Becker 2020-05-22 11:06:59 +02:00
parent f10b5b90d6
commit 4153fc16be

@ -21,46 +21,8 @@ This page describes how to authenticate and (optionally) integrate other applica
> Go to: Admin > Applications > OpenID / OAuth2 server > Clients > Go to: Admin > Applications > OpenID / OAuth2 server > Clients
### Configuration of tested clients ### Configuration of tested clients
* [[Rocket.Chat]]
#### Rocket.Chat custom OAuth configuration * [[Moodle]]
Install Rocket.Chat eg. via [docker-compose](https://rocket.chat/docs/installation/docker-containers/docker-compose/).
You need to create a Client-Identifier and -Secret via Admin >> OpenID / OAuth2 server >> Clients with the following grants:
* Authorization Code
* Refresh Token
* Implicit
Then head in the Rocket.Chat Administration down to OAuth and click [Add custom oauth], give it a name eg. "EGroupware" and add the following values:
```
Enable: True
URL: https://example.org/egroupware/openid/endpoint.php
Token Path: /access_token
Token Send Via: Payload
Identity Token Send Via: Header
Identity Path: /userinfo
Authorize Path: /authorize
Scope: openid email profile roles
Param Name for access token: access_token
Id: <client-id-from-egroupware>
Secret: <client-secret-from-egroupware>
Login Style: Redirect
Button Text: EGroupware users click here
Username field: id
Name field: name
Avatar field: picture
Roles/Groups field name: roles
Merge roles from SSO: True (currently role got lost when rocketchat/status app login to RC api!)
Merge Users: True
```
Then click on [Save changes] to activate login and user creation through EGroupware.
(If Rocket.Chat runs in Docker on a Mac and EGroupware directly on the Mac, use "docker.for.mac.localhost" as hostname, as it is different from localhost!)
If you only want users from EGroupware and no free registration with local passwords, go to Adminstration >> Accounts and set:
```
Show Default Login Form: False
```
### Troubleshooting ### Troubleshooting
* Enable request log under: Admin > Applications > OpenID / OAuth2 server > Request log * Enable request log under: Admin > Applications > OpenID / OAuth2 server > Request log
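Review bot: Nothing in this diff shows that the removed Rocket.Chat block (from the grants list down to `Show Default Login Form: False`) now exists on the linked `[[Rocket.Chat]]` page. `[[Moodle]]` also has no earlier content in this hunk, so both links may point at pages that are not there yet. I would add the new pages in the same commit, or name them in the commit message, so the move can be checked. When carrying the text over, keep the two caveats that are easy to lose: the note on `Merge roles from SSO` about roles getting lost, and the `docker.for.mac.localhost` hostname hint. Also fix the "Adminstration" typo. The removed text lists the `Implicit` grant and `Merge Users: True` without giving a reason. The new page is a good place to say why each is needed, since both widen what a client login can do.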