Category: GLPI Network

Subject

How to use plugin Oauth

Content

Oauth client for GLPI

605fca3f-71844724-5f7f055f218a35.08711458

This plugins allows user login and import via external providers.

Currently connects via:

Setup

The plugin uses the external authentication feature of GLPI.
So in order to be ready for use, it needs some setup.

Set the fields in Setup > Authentication > Others authentication methods like on this screenshot:

605fca3f-71844724-5f7f0577213737.31587632

Mandatory setting:

  • Field storage of the login in the HTTP request: must be set (no matter the value)

Optionally, if you want to import unknown users you can also set:

  • Surname: givenName
  • First name: familyName
  • Email: email
  • Language: language

Also, you need to enable this import behavior in GLPI.
Do it in Setup > Authentication > Setup, the Automatically add users from an external authentication source field.

 

WARNING

The field "Remove the domain of logins like login@domain" should be set to "No".


Example for google suite, if you have an email like username@domain and the option set to yes, the imported user in GLPI will have name username.
If an external person try to connect with email like username@antoherdomain, it will authenticated in GLPI like it would be the first email.

 

Enable login provider

The process is the same for each source:

  • Enable the provider in GLPI configuration
  • Click on the help icon on the right from its´ title
  • Enable external application on the service management console;
  • Copy callback url from the plugin configuration and paste it in the console (GLPI will be called back after login via provider);
  • Get your client variables (Id and secret) and paste them into plugin configuration.
  • For some providers you need to restrict the usage of Oauth API for allowed URL. The filtering may also be managed by the callback url.

605fca3f-71844724-5f7f05897d0e49.11780411

 

When the provider is enabled, you will see the new login page :

605fca3f-71844724-5f7f0792b60d08.21408025

 

Google

This provider requires to enable Google+ API before providing any user details (like given name or emails)

See https://console.developers.google.com/apis/api/plus.googleapis.com/overview.

Google oauth service also supports multiple emails in their response.
Like above, you can also fill additional fields in Setup > Authentication > Others authentication methods:

  • Email 2: email2
  • Email 3: email3
  • Email 4: email4

Candidates for future providers

See:

 

Writer: TECLIB
Created on 2020-02-18 15:58
Last update on 2020-10-08 14:37
421 views
This item is part of the FAQ