Configure an OAuth 2.0 authentication
In this topic, you learn how to set up authentication via OAuth 2.0 and how to configure it in your Cockpit.
Procedure
- In the Cockpit, go to Settings, and select System Settings.
- In the Authentication tab, select Edit.
- Select Add, and select OAuth2.
  Result: The Authentication dialog opens.
- Enter a Name for the authentication.
- Select Active to activate this authentication method.
- Select Show on Login Page to display the authentication method on the login page.
- Enter a Description.
- Enter a Path to post login data.
  Depending on the authentication method you want to use, fill in the following fields accordingly:
  - Authorization URL
  - Token URL
  - Callback URL
  - Redirect URL
  - Client ID
  - Client Secret
    Optionally, to receive a reminder email to renew your OAuth 2.0 client secret, turn on the switch Send Reminder Email before Expiry. If you turn on the switch, in Expiry Date, select the expiry date of the client secret. In Days before Expiry, select how many days (counted in 24-hour periods ending at midnight) before the client secret expires the reminder email should be sent. In Send to Email Address, enter an email address of your choosing, or the address that corresponds to the one you configure for the SMTP host in the Emailing tab.
  - Scope
  - Profile Script
- In Claims Assignment, you can map incoming identity-provider claims to user properties within the system. Each entry consists of three parts:
  - Claim: The name of the incoming claim or scope provided by the authentication authority.
  - Default: An optional fallback value used when the claim is missing or not supplied.
  - User Fields: A selectable internal user attribute (for example, Username, Email, Language, Name, Phone, Mobile) that the claim should populate.
  You can create multiple rows to define as many claim-to-property mappings as required. When a user signs in, the system evaluates the received token, applies the mappings, and populates or updates the corresponding user fields accordingly.
- In Auto Assignment, assign roles and security groups.
- In Post Authentication Script, use Script to select a server script that should run after authentication. The script has access to the global variables profile, user, and updatedUser. If no server script is selected, you can enter custom logic in Function (profile, user, updatedUser, require, getEntityRepository, log). This allows you to run post-authentication code, such as logging details or modifying the variables, for example:
    log.info("XXuser", user);
    log.info("XXprofile", profile);
    log.info("Member of: " + profile.memberof);
  Inline post-authentication scripts will be deprecated in a future patch. Plan to move any custom logic to a server script.
- Select OK to confirm.
- In System Settings, select Restart to activate OAuth 2.0 authentication.
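The Post Authentication Script step above, as an added example that is not the product's own code: a function with the parameter list the page gives, which logs group membership the way the page's snippet does and then copies validated claims into updatedUser. The claim names email and name, and the updatedUser field names, are assumptions; check them against your identity provider and your user model.

```javascript
// Added example (not the product's own code): a post-authentication function with
// the parameter list the step describes. `profile.memberof` and `log.info` come
// from the page; the claim names (email, name) and the updatedUser field names
// are ASSUMPTIONS and must be checked against your provider and user model.

// Providers deliver group membership as a single string or an array of strings;
// normalise to an array so a missing or malformed claim never throws.
function normaliseGroups(memberof) {
  if (Array.isArray(memberof)) return memberof.map(String);
  if (typeof memberof === "string" && memberof.trim() !== "") return [memberof];
  return [];
}

// Only accept a well-formed, non-empty email claim; an empty or malformed value
// must not overwrite the address already stored on the user.
function validEmail(value) {
  return typeof value === "string" && /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(value.trim());
}

function postAuthentication(profile, user, updatedUser, require, getEntityRepository, log) {
  const groups = normaliseGroups(profile.memberof);
  log.info("XXuser", user);
  log.info("XXprofile", profile);
  log.info("Member of: " + groups.join(", "));

  if (validEmail(profile.email)) {
    updatedUser.email = profile.email.trim().toLowerCase(); // canonical form for matching
  }
  if (typeof profile.name === "string" && profile.name.trim() !== "") {
    updatedUser.name = profile.name.trim();
  }
  // Membership is only logged here; role and group changes stay with Auto Assignment,
  // so a provider claim alone cannot elevate a user from this script.
  return updatedUser;
}

// Constructed sample input so the function runs stand-alone.
const sampleProfile = { email: " Alice@Example.com ", name: " Alice Example ", memberof: "CN=Staff,DC=example,DC=com" };
const sampleUser = { username: "alice", email: "alice@example.com" };
const quietLog = { info: function () {} };
const sampleResult = postAuthentication(sampleProfile, sampleUser, { username: "alice" }, null, null, quietLog);
```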