CMDBuild Forum

Oauth related configs

I am using Keycloak for Oauth. What value should be set in cmdbuild for the property org.cmdbuild.auth.module.oauth.login.attr ? the document just says it is a string value and the description is “OAuth login attribute to be matched with cmdbuild users”. I cannot get Oauth working because if I don’t set this property,I am getting error that login.attr is not set. I tried setting to different values like ‘username’, ‘email’ but getting java.lang.NullPointerException: user not found for identity = Login{value=REDACTED@REDACTED.com, type=email}

Any help how to make Oauth work, would be appreciated.

ok, i figured out the problem. basically, a local user needs to be created with proper group in CMDB for the Oauth to work. the local user is linked to the SSO user by either username or email (i.e. value for the login.attr )

./cmdbuild.sh restws setconfig org.cmdbuild.auth.module.oauth.login.attr email

(or)

./cmdbuild.sh restws setconfig org.cmdbuild.auth.module.oauth.login.attr username