AC OAuth 2.0 IdP

Path: AC User Management > AC OAuth 2.0 IdP

In this section, you can find instructions on how to maintain LDAP / Windows AD authentication servers.

Create AC OAuth 2.0 IdP

In this section, you can find instructions on how to create an AC OAuth 2.0 IdP. You can create an AC OAuth 2.0 IdP for login.

  1. Click Create to access the AC OAuth 2.0 IdP creation page.

  2. Fill in the data or make selections as instructed below. The fields marked with “*” are required.

  • IdP Client Id*: A unique identifier used by third-party applications for identification and accessing protected resources.

  • IdP Client Name*: An identifiable user name.

  • IdP Client Secret*: User password.

  • Type*: Authorization type, a third-party application authorized by the user.

  • Client Status*: Whether this account is active (Y) or inactive (N).

  • dgR Callback URL*: The specific URL of the client application to which the user is redirected back, with the authorization credential included.

  • IdP Well Known URL*: A set of public, fixed URL paths used to store specific configuration information or metadata for a website or application. It helps developers easily find and access important information about their applications without first knowing the specific configuration of the application.

  • IdP Auth URL: The URL used to guide users through the authentication process. It allows applications to obtain the authorization needed to perform specific operations or access restricted resources.

  • IdP Access Token URL: The specific URL used to obtain the Access Token. During the OAuth 2.0 authorization process, the Access Token is a credential showing that a user has authorized access to protected resources.

    - Once the client sends the request to the Access Token URL, the authorization server checks the legitimacy and validity of the request. If the verification is successful, the Access Token is included in the response from the authorization server. Access tokens are used by the client to access protected resources and usually have a specific expiration date.

  • IdP Scope: Specifies the range of the client application’s access to user resources. Scope might vary based on the needs of OAuth applications and is defined and enforced by the authorization service provider (usually an OAuth 2.0 authorization server).

  3. Click Create to save and exit.

View AC OAuth 2.0 IdP

  1. Click on the icon to access the details page.

  2. View the details of AC OAuth 2.0 IdP.

Update AC OAuth 2.0 IdP

  1. Click on the icon to access the Update page.

  2. Modify the desired fields, and click Update to save and exit.

Delete AC OAuth 2.0 IdP

  1. Search for the AC OAuth 2.0 IdP to delete, and click on the icon to access the Delete page.

  2. Click Delete to delete the AC OAuth 2.0 IdP and exit.

Link Google Account for Login

Get Client ID and Password on Google Cloud Platform

Path: Google Cloud Platform > Console > APIs & Services

Go to the Google Cloud Platform to complete the required settings as instructed below.

  1. Apply for an account.

  2. Create a project.

  3. Configure the OAuth Consent screen.

  4. Edit application registration request.

  5. Get the OAuth certificate.

  6. Create an OAuth client ID.

  7. Acquire the client ID and password.

Access the configured client ID and password. Path: Google Cloud Platform > Console > APIs & Services > Credentials

Click on the name in the OAuth 2.0 Client IDs section to access the Client ID of the Web Application page. The client number, password and creation date are displayed on the right side of the page.

AC OAuth 2.0 IdP Settings

Path: AC User Management > AC OAuth 2.0 IdP

  • IdP Client Id*: The client ID (client_id), i.e. the client number, obtained from Google.

  • IdP Client Name*: Specify the client name for identification.

  • IdP Client Secret*: The client password (client_secret) obtained from Google.

  • Type*: Fixed value: GOOGLE

  • Client Status*: Fixed value: Y

  • dgR Callback URL*: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ssotoken/acidp/GOOGLE/acIdPCallback

  • IdP Well Known URL*: Fixed value: https://accounts.google.com/.well-known/openid-configuration

  • IdP Auth URL: Not required.

  • IdP Access Token URL: Not required.

  • IdP Scope: Not required.

Parameter Settings

Path: System Configs > Setting

  • AC_IDP_ACCALLBACK_URL: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ac4/idpsso/accallback

  • AC_IDP_LDAP_REVIEW_ENABLE: Set to true or false to enable or disable the automated user creation and approval letter process.

  • AC_IDP_MSG_URL: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ac4/idpsso/errMsg

  • AC_IDP_REVIEWER_MAILLIST: If AC_IDP_LDAP_REVIEW_ENABLE is enabled, you can specify reviewer emails here, separating multiple groups by commas (,).

  • AC_IDP_REVIEW_URL: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ssotoken/acidp/acIdPReview
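
A pre-flight check for the values listed above, as an added example that is not digiRunner code. It verifies that each {{hostname}} URL keeps its fixed path and uses https, and that an OpenID Connect discovery document's issuer matches the IdP Well Known URL before its authorization and token endpoints are trusted. The function names and the sample document are constructed for this example; that the Auth and Access Token URLs can be read from the discovery document is standard OpenID Connect behaviour, not something this page states about digiRunner.

```python
import json
from urllib.parse import urlsplit

# Fixed paths taken from this page; only {{hostname}} may change.
FIXED_PATHS = {
    "dgR Callback URL": "/dgrv4/ssotoken/acidp/GOOGLE/acIdPCallback",
    "AC_IDP_ACCALLBACK_URL": "/dgrv4/ac4/idpsso/accallback",
    "AC_IDP_MSG_URL": "/dgrv4/ac4/idpsso/errMsg",
    "AC_IDP_REVIEW_URL": "/dgrv4/ssotoken/acidp/acIdPReview",
}
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

def check_urls(settings, hostname):
    """Return a list of problems found in the hostname-based URLs."""
    problems = []
    for name, path in FIXED_PATHS.items():
        value = settings.get(name, "")
        if "{{" in value:
            problems.append(f"{name}: placeholder not replaced")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{name}: scheme must be https")
        if url.hostname != hostname.lower():
            problems.append(f"{name}: host is not {hostname}")
        if url.path != path or url.query or url.fragment:
            problems.append(f"{name}: fixed path was altered")
    return problems

def endpoints_from_discovery(well_known_url, document):
    """Verify the issuer, then return (auth URL, token URL) from the metadata."""
    if not well_known_url.endswith(WELL_KNOWN_SUFFIX):
        raise ValueError("not an OpenID Connect discovery URL")
    meta = json.loads(document)
    # OpenID Connect Discovery: issuer must equal the URL the document came from.
    if meta.get("issuer") != well_known_url[: -len(WELL_KNOWN_SUFFIX)]:
        raise ValueError("issuer does not match the Well Known URL")
    urls = (meta["authorization_endpoint"], meta["token_endpoint"])
    if any(urlsplit(u).scheme != "https" for u in urls):
        raise ValueError("discovered endpoint is not https")
    return urls

# Constructed sample: abridged discovery document in the shape Google serves.
SAMPLE_DOC = json.dumps({
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
})
```

Call check_urls with the settings you are about to save and the digiRunner hostname; an empty list means every URL kept its fixed form.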
