Two SSO configuration


#1

Hi,
I have indico 2.1.4 on CentOs 7 configured with shibboleth SSO. I’d like to configure second SSO via oauth, has anyone got any sample configs to share?
I’m really bad at configuring SSO, links below didn’t gave me much idea…
https://docs.getindico.io/en/stable/config/auth/#authentication-providers
https://flask-multipass.readthedocs.io/en/latest/quickstart/#id3
https://docs.getindico.io/en/stable/config/auth/

Best regards,
Patryk.


#2

Hi,
There are a few threads on this forum that include example SSO configs. E.g.:

Maybe you can use them as reference? Or otherwise we can try to help you out if you have any concrete question about any of the used attributes.


#3

Hi,
none of above helped - my SSO with shibb is working correctly, my problem is, that I don’t know how to add second SSO provider. I believe that I’m making some syntax errors that ends up with “internal server error” once I load the configuration. To make it easier heres my actual SSO config section:

  'shib-sso': {
    'type': 'shibboleth',
    'title': 'SSO',
    'attrs_prefix': '',
    'callback_uri': '/login/shib-sso/shibboleth',
    'logout_uri': 'https://login.e-science.pl/cas/logout'
}
IDENTITY_PROVIDERS = {
    'shib-sso': {
        'type': 'shibboleth',
        'title': 'SSO',
        'identifier_field': 'uid',
        'mapping': {
           'login': 'eppn',
           'email': 'email',
           'uid'  : 'uid',
           'first_name': '',
           'last_name': '',
        },
        'trusted_email': True
    },

And heres what I tried to do and didn’t worked (changes commented with purpose):

# SSO

_pwr_oauth = {
    'consumer_key': '',  somekey
    'consumer_secret': '',  supersecret
    'request_token_params': {'scope': 'user:email'},
    'base_url': 'someurl,
    'request_token_url': None,
    'access_token_method': 'POST',
    'access_token_url': 'someurl/access_token',
    'authorize_url': 'someurl/authorize'
}

AUTH_PROVIDERS = {
  'shib-sso': {
    'type': 'shibboleth',
    'title': 'SSO',
    'attrs_prefix': '',
    'callback_uri': '/login/shib-sso/shibboleth',
    'logout_uri': 'https://login.e-science.pl/cas/logout'
  },
#  'pwr': {
#    'type': 'oauth',
#    'title': 'pwr',
#    'oauth': _pwr_oauth
#  }
}
IDENTITY_PROVIDERS = {
    'shib-sso': {
        'type': 'shibboleth',
        'title': 'SSO',
        'identifier_field': 'uid',
        'mapping': {
           'login': 'eppn',
           'email': 'email',
           'uid'  : 'uid',
           'first_name': '',
           'last_name': '',
        },
        'trusted_email': True
    },
#    'pwr': {
#        'type': 'oauth',
#        'title': 'pwr',
#        'oauth': pwr_oauth,
#        'endpoint': '/user',
#        'identifier_field': 'uid',
#    }
}