OIDC - AtlasOfLivingAustralia/documentation GitHub Wiki
OpenID Connect (OIDC)
Recent versions of CAS services and ALA modules with Java 11 use the ala-auth-plugin, which allows users to authenticate via OIDC instead of legacy CAS.
Configuration
To migrate from cas to oidc authentication, your module configurations should contain something like this:
security:
  cas:
    enabled: false
  oidc:
    enabled: true
You also need to configure the OIDC provider in those applications:
security:
  oidc:
    discovery-uri: 'https://auth.your-l-a.site/cas/oidc/.well-known'
    client-id: 'ChangeMe'
    secret: 'ChangeMe'
    scope: 'openid profile email ala roles'
Automatically create the Client Id and Client Secret
Recent versions of ala-install (>= 2.1.14) generate that client/secret pair in CAS for you and configure it in each ALA module. See this PR for more details.
Manually create the Client Id and Client Secret
If you want to do this manually for some reason, here are the steps:
- Go to the OAuth Services section in cas-management:
- Press the (+) icon and then Create OIDC:
- Fill in the Basic section. Make sure that the wildcards and URL match your service URL:
- The Client section should have a Client ID and Client Secret autogenerated for you (you can copy them to use later). Verify the checkboxes:
- Fill in the OIDC section:
- Fill in the Scopes section like this:
- Press the Save icon. That's it. Now copy the Client ID and Client Secret into your LA module configuration, as mentioned at the beginning of this page.
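A pre-deployment check for the settings on this page, added here as an example (it is not part of ala-auth-plugin or ala-install): it takes the module configuration and the provider's discovery document as already-parsed dicts and reports leftover ChangeMe values, a non-HTTPS discovery URI, and requested scopes the provider does not advertise. The function name, the sample endpoint paths and the rule that all endpoints share the discovery host are assumptions of this example.

```python
from urllib.parse import urlparse

PLACEHOLDERS = {"", "changeme"}
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_oidc_config(config, discovery):
    """Return findings for a parsed module config and discovery document."""
    findings = []
    sec = config.get("security", {})
    cas, oidc = sec.get("cas", {}), sec.get("oidc", {})
    if not oidc.get("enabled"):
        findings.append("security.oidc.enabled is not true")
    if cas.get("enabled"):
        findings.append("security.cas.enabled is still true")
    # The client id and secret must come from cas-management, not the template
    for key in ("client-id", "secret"):
        if str(oidc.get(key, "")).strip().lower() in PLACEHOLDERS:
            findings.append(f"security.oidc.{key} is empty or still a placeholder")
    disc_uri = urlparse(oidc.get("discovery-uri", ""))
    if disc_uri.scheme != "https":
        findings.append("security.oidc.discovery-uri is not https")
    # Assumption: every advertised endpoint is https on the discovery host
    for key in ENDPOINT_KEYS:
        url = urlparse(discovery.get(key, ""))
        if url.scheme != "https" or url.hostname != disc_uri.hostname:
            findings.append(f"discovery {key} is not https on the discovery host")
    requested = oidc.get("scope", "").split()
    if "openid" not in requested:
        findings.append("security.oidc.scope lacks 'openid'")
    missing = sorted(set(requested) - set(discovery.get("scopes_supported", [])))
    if missing:
        findings.append("scopes not advertised by provider: " + " ".join(missing))
    return findings

# Constructed sample input: the config from this page and a made-up discovery
# document (endpoint paths are illustrative, not taken from a real CAS server).
SAMPLE_CONFIG = {"security": {"cas": {"enabled": False}, "oidc": {
    "enabled": True,
    "discovery-uri": "https://auth.your-l-a.site/cas/oidc/.well-known",
    "client-id": "ChangeMe", "secret": "ChangeMe",
    "scope": "openid profile email ala roles"}}}
SAMPLE_DISCOVERY = {
    "issuer": "https://auth.your-l-a.site/cas/oidc",
    "authorization_endpoint": "https://auth.your-l-a.site/cas/oidc/authorize",
    "token_endpoint": "https://auth.your-l-a.site/cas/oidc/token",
    "jwks_uri": "https://auth.your-l-a.site/cas/oidc/jwks",
    "scopes_supported": ["openid", "profile", "email"]}

if __name__ == "__main__":
    for finding in check_oidc_config(SAMPLE_CONFIG, SAMPLE_DISCOVERY):
        print("FINDING:", finding)
```

With the constructed sample, the check reports the two ChangeMe values and the ala and roles scopes, which the sample discovery document does not advertise.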