Google OAuth 2 Activate in Authentication

bugoy · February 4, 2022, 9:08am

Hi,

Anyone who successfuly activate the Google’s OAuth2 on the authentication configuration?

Im having trouble on inputing values for OAuth2 parameters

oauth

The parameters didn’t return any changes as I click on Login with Oauth2.
login

rakeshuk · April 29, 2022, 8:11am

this is late probably. you need to set Oauth protocol field. The possible values is one of: OP_MSAZUREOAUTH2, OP_KEYCLOAK, OP_GOOGLE, OP_CUSTOM

So in your case, you need to set it to OP_GOOGLE. I did not test but you can try this.

./cmdbuild.sh restws setconfig org.cmdbuild.auth.module.oauth.protocol OP_GOOGLE

bugoy · November 4, 2022, 9:07am

Thank you so much. Yes there’s an improvement after applying the OP_GOOGLE protocol, as I was able to see the Googles login form.

The next problem is that, after logging in (or choosing) the Google account that has permission, it doesn’t log me in on the CMDBuild. It keeps me redirecting to the login page of the CMDBuild.

roger.krolow · March 15, 2023, 1:49pm

Hi @bugoy , didi you resolve the redirection to the login page after authentication? I’m facing the same issue, but with Keycloak. The login flow works, but I end up in the login page again. Looks like an authorization problem.

bugoy · March 16, 2023, 8:29am

Hi Roger,

I’m still awaiting for any clues. For now I disabled the OAuth until I get solution to have CMDBuild worked with Google OAuth2.

I have seen thread that they were able to work OAuth thru Keycloak. Maybe you may check that one.

rakeshuk · May 5, 2023, 1:51pm

I made cmdbuild to work with keycloak for SSO. below is the snippet from the bash script used to configure OIDC. sample values are at the end of the snippet. hope this helps.

# Authentication module names to enable 
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.modules default,oauth

# OAuth client id 
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.clientId cmdb

# OAuth client secret 
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.clientSecret {{ cmdb_client_secret_oauth_test }}

# OAuth login type matching (username or email), defaultValue=auto
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.login.type email 

# OAuth login attribute to be matched with cmdbuild users. Possible values: email or username
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.login.attr email

# OAuth protocol (possible values: OP_MSAZUREOAUTH2, OP_KEYCLOAK, OP_GOOGLE, OP_CUSTOM) 
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.protocol OP_KEYCLOAK

# OAuth local url accepted from the provider
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.redirectUrl  "{{ redirect_url }}"

# OAuth service URL
{{ cmdb_script }} restws setconfig org.cmdbuild.auth.module.oauth.serviceUrl "{{ oauth_service_url }}"

# Reload the configuration
{{ cmdb_script }} restws reloadconfig

##### sample values 
#cmdb_script: /opt/tomcat/webapps/cmdbuild/cmdbuild.sh
#oauth_config_script: /opt/config_oauth.sh
#redirect_url: https://cmdbapp.mydomain.com/cmdbuild/ui/
#oauth_service_url: https://accounts.mydomain.com/auth/realms/mydomain/protocol/openid-connect/
#oauth_client_id: cmdb