AC OAuth 2.0 IdP

Path: AC User Management > AC OAuth 2.0 IdP

In this section, you can find instructions on how to maintain LDAP / Windows AD authentication servers.

Create AC OAuth 2.0 IdP

In this section, you can find instructions on how to create AC OAuth 2.0 IdP using OAuth2.0. You can create an AC OAuth 2.0 IdP for login.

1. Click Create to access the AC OAuth 2.0 IdP creation page.

1. Fill in the data or make selections as instructed below. The fields marked with “*” are required.

• Client Id*: A unique identifier used by third-party applications for identification and accessing protected resources.

• Client Name*: An identifiable username.

• Client Secret*: User password.

• Type*: License Type, a third-party application authorized by the user.

• Client Status*: This account is active (Y) or inactive (N).

• Callback URL*: Redirect the user back to the specific URL of the client application and include the license certificate.

• Well Known URL*: A set of public, fixed URL paths used to store specific configuration information or metadata for a website or application. It helps developers easily find and access important information about their applications without first knowing the specific configuration of the application.

• Auth URL: The URL used to guide users through the authentication process, and allows applications to obtain the necessary authorization to perform specific operations or access restricted resources.

• Access Token URL: The specific URL used to obtain the Access Token. During the OAuth 2.0 authorization process, Access Token is a credential that represents that a user has been authorized to access protected resources.

  Once the client sends the request to the Access Token URL, the authorized service provider will check the legitimacy and validity of the request. If the verification is successful, the Access Token will be included in the response from the authorized service provider. Access tokens are used by the client to access protected resources and usually have a specific expiration date.

• Scope: Specify the range of the client application’s access to user resources. Scope might vary based on the needs of OAuth applications and is specified and implemented by an authorized service provider (usually an OAuth 2.0 licensed server).

1. Click Create to save and exit

View AC OAuth 2.0 IdP

1. View the details of AC OAuth 2.0 IdP.

Update AC OAuth 2.0 IdP

1. Modify the desired fields, and click Update to save and exit.

Delete AC OAuth 2.0 IdP

1. Click Delete to delete the AC OAuth 2.0 IdP and exit.

Link Google Account for Login

Get Client ID and Password on Google Cloud Platform

Go to the Google Cloud Platform to complete the required settings as instructed below.

1. Apply for an account.

2. Create a project.

3. Configure the OAuth Consent screen.

4. Edit application registration request.

5. Get the OAuth certificate.

6. Create an OAuth client ID.

7. Acquire the client ID and password.

Access the configured client ID and password.

Click on the name in the OAuth 2.0 Client IDs section to access Client ID of the Web Application page, and the client number, password and creation date are displayed in the right-side of the page.

AC OAuth 2.0 IdP Settings

Path: AC User Management > AC OAuth 2.0 IdP

• Client Id*: The client ID (client_id), eg. client number, obtained from Google.

• Client Name*: Specify the client name for identification.

• Client Password*: The client password (client_secret) obtained from Google.

• Type*: Fixed value: GOOGLE

• Client Status*: Fixed value: Y

• Callback URL*: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ssotoken/acidp/GOOGLE/acIdPCallback

• Well Known URL*: Fixed value: https://accounts.google.com/.well-known/openid-configuration

• Auth URL: Not required.

• Access Token URL: Not required.

• Scope: Not required.

Parameter Settings

Path: System Configs > Setting

• AC_IDP_ACCALLBACK_URL: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ac4/idpsso/accallback

• AC_IDP_LDAP_REVIEW_ENABLE: Whether true/false enables the automated user creation and approval letter process.

• AC_IDP_MSG_URL: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ac4/idpsso/errMsg

• AC_IDP_REVIEWER_MAILLIST: If AC_IDP_LDAP_REVIEW_ENABLE is enabled, you can specify reviewer emails here, separating multiple groups by commas (,).

• AC_IDP_REVIEW_URL: Replace {{hostname}} with the hostname used by digiRunner, and leave the rest of the URL unchanged as it is fixed. https://{{hostname}}/dgrv4/ssotoken/acidp/acIdPReview