How to set up OpenID Connect SSO?
Added by JG S. about 4 years ago
Here's my setup:
My service embeds OpenProject in an iframe. My service requires users to log in, so it would be best for OpenProject to reuse the session.
But as I understand it, OpenProject still needs to have an account for every user. That's why I set up a custom OpenID Connect provider and configured it as follows in OpenProject:
```
openid_connect:
  my_provider:
    display_name: "Display Name"
    scheme: "https"
    host: "my_provider_uri"
    port: 443
    identifier: my_provider_id
    secret: my_provider_secret
    authorization_endpoint: "/api/v1/oauth/authorize"
    token_endpoint: "/api/v1/oauth/token"
    userinfo_endpoint: "/api/v1/oauth/userinfo"
```
This already works fine, and after going through the OAuth process (granting access), OpenProject creates a user account.
Now I want to share the session of my service with OpenProject, so users never have to go through the OAuth process (but only once for the account creation). Is that possible?
OpenID Connect SSO seems promising, but I wasn't able to set it up with OpenProject. Here's what I did (additional configuration for my_provider):
```
sso: true
discovery: false
issuer: "openproject_uri/login"
client_auth_method: "redirect"
end_session_endpoint: "some_url_being_logged/end_session"
check_session_iframe: "some_url_being_logged/check_session"
redirect_uri: "https://op_nproject_domain/auth/my_provid_r/callback"
```
I checked my web server logs, but the URL configured in end_session_endpoint and check_session_iframe is never accessed.
What's the problem here? Thanks for helping.
Replies (1)
Hi,
I am trying to do something similar. Were you able to get this working?
I've got as far as getting the login page up in the iframe, but after logging in it doesn't work. I think it's a problem with the cookies.
What I really need is what you described above, where the user logs into my application and our application sets up the OpenProject session for use from the iframe.
Any solutions for this?