End users

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Aleksandar Mitrev

Saved on

compared with

New Version 21

changes.mady.by.user Thomas Lauria

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you wish, you can set up the same translate5 instance on different domains and configure for different clients different domains and different OpenID servers.

Examples how to use translate5 as OpenID client with different OpenID servers for Single-Sign-On (SSO) usage

Configuration within translate5

eDescription

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner. In technical terms, OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.

...

To configure translate5 to work with OpenId connect is very simple. Navigate to the clients tab in your translate5 instance, and under the OpenId connect fieldsub-set tab there are OpenId configuration fields which needs that need to be set.

Fill in the fields with the data as explained below. How to obtain the data of the OpenId Connect server is explained by the Google example further below.

translate5 domain:  the used translate5 instance url (ex: https:///domain.  (Google configuration example: translate5.net/). This is also the url which the user will be redirected after the OpenId authentication.Note: do not define the domain with protocol included.  Valid definition will be translate5.net, test.translate5.net, translate5.net . Invalid: http://translate5.net

OpenId server: OpenId authentication server url (ex: . This is the URL translate5 redirects users for authentication at the OpenId connect server (Google configuration example: https://accounts.google.com)

OpenId issuer: OpenId issuer url. In many cases this url is identical with the OPenId server url.

OpenId user name: OpenId authentication server username (Google configuration example: "Client ID" see image3)
(the user name that allows the openId client application to connect to the API of the openId server; do NOT mix this up with the username of the user, that wants to authenticate!)

OpenId password: OpenId authentication server password (Google configuration example: "Client secret" see image3)
(the password that allows the openId client application to connect to the API of the openId server; do NOT mix this up with the password of the user, that wants to authenticate!)

OpenId OAuth URL: OpenId authentication server OAuth url (ex: . This is the URL translate5 uses in the background to do the server to server authentication mechanism (Google configuration example: https://accounts.google.com/o/oauth2/auth). Also used to fetch the openid server properties (ex: https://accounts.google.com/o/oauth2/auth/.well-known/openid-configuration)

System Roles: translate5 internal user system roles.

  • If the OpenID connect server is configured and able to pass roles along with the authentication, the translate5 system roles passed by the OpenID server will be set for this user in translate5.
  • If the roles

...

  • in the OpenID server change, on the next login they will also change in translate5.
  • The OpenID server will only be able to set roles, that are checked in the OpenID Connect configuration of the corresponding client in translate5. Other roles will be ignored by translate5, even if the OpenID server claims them.
  • If the OpenID Connect server is not able to or configured to claim roles, the roles checked in the OpenID Connect configuration of the corresponding client in translate5 will always automatically be set for users of this client. 

Link text on login page: redirect lable  Label text in on the login page for the openid server. When the checbox bellow the lable of translate5. A click on it redirects the user to the configured openid server for authentication, instead of using translate5 for authentication. If the checbox "Do not show login page" below the field "Link text on login page" is checked, the user will directly be directly redirected to the openid server for authentication/authorization and will never see the translate5 login page.

Checkbox "Do not show login page: Automatically redirect to OpenID Connect server": Redirect directly to the SSO authentication provider.