Two SSO configuration

patbel-pwr · November 19, 2018, 2:17pm

Hi,
I have indico 2.1.4 on CentOs 7 configured with shibboleth SSO. I’d like to configure second SSO via oauth, has anyone got any sample configs to share?
I’m really bad at configuring SSO, links below didn’t gave me much idea…
https://docs.getindico.io/en/stable/config/auth/#authentication-providers
https://flask-multipass.readthedocs.io/en/latest/quickstart/#id3
https://docs.getindico.io/en/stable/config/auth/

Best regards,
Patryk.

pferreir · November 20, 2018, 5:00pm

Hi,
There are a few threads on this forum that include example SSO configs. E.g.:

Maybe you can use them as reference? Or otherwise we can try to help you out if you have any concrete question about any of the used attributes.

patbel-pwr · November 23, 2018, 10:34am

Hi,
none of above helped - my SSO with shibb is working correctly, my problem is, that I don’t know how to add second SSO provider. I believe that I’m making some syntax errors that ends up with “internal server error” once I load the configuration. To make it easier heres my actual SSO config section:

  'shib-sso': {
    'type': 'shibboleth',
    'title': 'SSO',
    'attrs_prefix': '',
    'callback_uri': '/login/shib-sso/shibboleth',
    'logout_uri': 'https://login.e-science.pl/cas/logout'
}
IDENTITY_PROVIDERS = {
    'shib-sso': {
        'type': 'shibboleth',
        'title': 'SSO',
        'identifier_field': 'uid',
        'mapping': {
           'login': 'eppn',
           'email': 'email',
           'uid'  : 'uid',
           'first_name': '',
           'last_name': '',
        },
        'trusted_email': True
    },

And heres what I tried to do and didn’t worked (changes commented with purpose):

# SSO

_pwr_oauth = {
    'consumer_key': '',  somekey
    'consumer_secret': '',  supersecret
    'request_token_params': {'scope': 'user:email'},
    'base_url': 'someurl,
    'request_token_url': None,
    'access_token_method': 'POST',
    'access_token_url': 'someurl/access_token',
    'authorize_url': 'someurl/authorize'
}

AUTH_PROVIDERS = {
  'shib-sso': {
    'type': 'shibboleth',
    'title': 'SSO',
    'attrs_prefix': '',
    'callback_uri': '/login/shib-sso/shibboleth',
    'logout_uri': 'https://login.e-science.pl/cas/logout'
  },
#  'pwr': {
#    'type': 'oauth',
#    'title': 'pwr',
#    'oauth': _pwr_oauth
#  }
}
IDENTITY_PROVIDERS = {
    'shib-sso': {
        'type': 'shibboleth',
        'title': 'SSO',
        'identifier_field': 'uid',
        'mapping': {
           'login': 'eppn',
           'email': 'email',
           'uid'  : 'uid',
           'first_name': '',
           'last_name': '',
        },
        'trusted_email': True
    },
#    'pwr': {
#        'type': 'oauth',
#        'title': 'pwr',
#        'oauth': pwr_oauth,
#        'endpoint': '/user',
#        'identifier_field': 'uid',
#    }
}

ThiefMaster · March 15, 2021, 9:09am

4 posts were split to a new topic: Using Keycloak SSO