Written by dayash
It is now possible to configure the Admin Console and the Enduser UI to act as an OpenID Connect Client.
In the following, a sample configuration is shown, using Google as OpenID Provider.
Before starting the configuration in Syncope, you need to obtain OAuth 2.0 credentials from Google and then set the authorized redirect URIs to the following values (Google matches redirect URIs exactly, so scheme, host, port and path must be identical to the Syncope URLs you will actually use):
Start a simple embedded Syncope project:
mvn archetype:generate \
  -DarchetypeGroupId=org.apache.syncope \
  -DarchetypeArtifactId=syncope-archetype \
  -DarchetypeRepository=http://repo1.maven.org/maven2 \
  -DarchetypeVersion=2.0.9-SNAPSHOT
then build it with the "all" profile in order to load the OIDC Client extension:
cd [CREATED_PROJECT_FOLDER]
mvn -P all clean install && cd enduser && mvn -P embedded,all
Now, from your browser, log in to the Syncope Console at "http://[HOSTNAME]:9080/syncope-console/" using the default "admin" / "password" credentials.
Afterwards you need to configure the OpenID Provider: go to Extensions → OIDC Client and click the add button to open this wizard.
In this wizard you are required to insert a unique name for the provider and the client_id and client_secret from the OAuth 2.0 credential you defined before; also flag Create unmatching users to automatically create a Syncope user when the OIDC user is not found.
Keep in mind that with this flag on, accounts are created from whatever the provider asserts, so the mapping below should key users on a claim the provider guarantees (for Google, the stable sub identifier, or email only when the email_verified claim is true).
In the second wizard, you need to insert the issuer, which in the case of Google is "https://accounts.google.com", and flag Has Discovery Document because the Google provider publishes a discovery document (at https://accounts.google.com/.well-known/openid-configuration), from which Syncope reads the authorization, token and JWKS endpoints.
At the end, create a mapping like the following to let Syncope create a user correctly.
After creating the OpenID Provider successfully, log out from the Admin Console and you will find a new OpenID Connect dropdown list on the login page.
Choose the provider that you created and you will be redirected to the Google login page (if you do not already have a valid session); log in with your Google account and you will be sent back and logged in to the Syncope Console.
You can also log in to the Enduser UI by visiting "http://[HOSTNAME]:9080/syncope-enduser", where you will find the same dropdown list as in the Admin Console; from there you can log in to the Enduser UI using OpenID Connect.
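To make concrete what the issuer, discovery document, redirect URI and "Create unmatching users" settings above translate into on the wire, here is an added example (my own code, not part of this post nor of the Syncope OIDC Client extension) of the checks an OpenID Connect client has to perform for Google: validating the discovery document against the configured issuer, building the Authorization Code request with state and nonce, validating the ID token claims, and deciding which claims are safe to feed into a user-creation mapping. The discovery document is a constructed copy of the fields Google publishes at its well-known URL, the client_id, redirect URI and ID token claims are invented placeholders, and the RS256 signature check against jwks_uri is assumed to have happened before the claim checks (it needs the provider's keys and is not reproduced here).

```python
"""Added example (not Syncope's own code): the checks an OpenID Connect
Relying Party performs when a provider is configured by issuer + discovery."""
import json
import secrets
import time
from urllib.parse import urlencode, urlsplit

# Constructed copy of the fields Google publishes at
# https://accounts.google.com/.well-known/openid-configuration
# (endpoint URLs as published at the time of writing; only the keys used below).
GOOGLE_DISCOVERY = json.loads("""{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint": "https://oauth2.googleapis.com/token",
  "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(doc, configured_issuer):
    """Validate a discovery document against the issuer typed into the wizard.

    The 'issuer' inside the document must be exactly the configured value
    (OIDC Discovery 4.3): accepting a document that names another issuer would
    let a hostile provider stand in for Google. Endpoints must be https.
    """
    if doc.get("issuer") != configured_issuer:
        raise ValueError("issuer mismatch: %r != %r" % (doc.get("issuer"), configured_issuer))
    for key in REQUIRED_KEYS:
        if key not in doc:
            raise ValueError("discovery document lacks %s" % key)
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc[key]).scheme != "https":
            raise ValueError("%s is not https" % key)
    return doc


def build_authorization_request(doc, client_id, redirect_uri, state, nonce):
    """Authorization Code flow request. redirect_uri must be one of the values
    registered with the Google OAuth 2.0 credential, character for character."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": state,   # bound to the browser session; defeats login CSRF
        "nonce": nonce,   # echoed back in the ID token; defeats token replay
    }
    return doc["authorization_endpoint"] + "?" + urlencode(params)


def validate_id_token_claims(claims, doc, client_id, expected_nonce, now=None):
    """Claim checks from OIDC Core 3.1.3.7, applied after the RS256 signature
    has been verified against the keys at doc['jwks_uri'] (not shown here)."""
    now = time.time() if now is None else now
    if claims.get("iss") != doc["issuer"]:
        raise ValueError("unexpected iss")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        raise ValueError("token not issued for this client_id")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise ValueError("multiple audiences without matching azp")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def identity_for_mapping(claims):
    """Values a user-creation mapping can safely consume when 'Create
    unmatching users' is on (which claims the real mapping uses is an
    assumption). 'sub' is Google's stable account id; 'email' is exposed only
    if Google asserts it is verified, otherwise someone who registers an
    address they do not control could be matched to an existing Syncope user."""
    if not claims.get("sub"):
        raise ValueError("sub missing")
    ident = {"sub": claims["sub"]}
    if claims.get("email_verified") is True and claims.get("email"):
        ident["email"] = claims["email"]
    return ident


if __name__ == "__main__":
    disc = check_discovery(GOOGLE_DISCOVERY, "https://accounts.google.com")
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    # hypothetical client_id and redirect URI; use the ones registered at Google
    print(build_authorization_request(disc, "CLIENT_ID",
                                      "https://rp.example.com/callback", state, nonce))
```

Run it as a script to see the authorization URL the browser would be redirected to after picking the provider from the dropdown; the state and nonce it carries are what tie the eventual ID token back to that particular login attempt.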