cancel
Showing results for 
Search instead for 
Did you mean: 

how to do oauth Integration with alfresco 1.7

amruta_w
Star Collaborator
Star Collaborator

Hello,

I am working on oauth2 sso part. I have configured the oauth2 in my activiti-app.properties using github, it displays sso login after clicking on that link it asks username and password of github even though it is valid it returns to me the login page of alfresco activiti not the landing page of alfresco activiti. kindly help me to resolve this.

The same username and password exists in my alfresco database whatever I have used in the github.

Following links i have refered

Alfresco Process Services 1.7 Available Now 

Thanks

1 ACCEPTED ANSWER

ryandawson
Elite Collaborator
Elite Collaborator

I can offer a set of steps that are known to work with github.

First have the same username on APS as the username present in external oauth2 server to be used for authorisation. Then

1 have an account on the external oauth2 authentication application (e.g. github)
2 if using github navigate to setting on github -> OAuth Apps ->
3 here you can register a new application or use an existing one
4 get client id and client secret from github for the app
5 set Hompage URL: http://localhost:<port>/activiti-app and Authorization callback URL: http://localhost:<port>/activiti-app (both of these should be set same as your APS running instance url)
6 update applicaiton.
7 on APS -> open "activiti-app.properties" file and set following properties
security.oauth2.authentication.enabled=true
security.oauth2.client.clientId=
security.oauth2.client.clientSecret=
security.oauth2.client.checkToken=http://localhost:9999/oauth/check_token -- this property is commented as we are using external oauth2 provider. this need to set only if you are using an internal authentication server (for e.g. Alfresco oauth 2 server)
security.oauth2.client.userAuthorizationUri=https://github.com/login/oauth/authorize
security.oauth2.client.tokenName=oauth_token
security.oauth2.client.accessTokenUri=https://github.com/login/oauth/access_token
security.oauth2.client.userInfoUri=https://api.github.com/user
8 run APS instance and login as "admin" and create a enterprise user same as present on GIT hub
9 As we have username as email we have to edit the username to match GIT hub username
Optional:
Note: if you want to authenticate user with enternal_id column in APS database need to set up following:
i  - open the database of APS and edit "USERS" table
add user id in "enternal_id" field for the create user and save the changes.

ii - set "security.authentication.use-externalid = true " in "activiti-app.properties" file and re-run the aps instance.

View answer in original post

1 REPLY 1

ryandawson
Elite Collaborator
Elite Collaborator

I can offer a set of steps that are known to work with github.

First have the same username on APS as the username present in external oauth2 server to be used for authorisation. Then

1 have an account on the external oauth2 authentication application (e.g. github)
2 if using github navigate to setting on github -> OAuth Apps ->
3 here you can register a new application or use an existing one
4 get client id and client secret from github for the app
5 set Hompage URL: http://localhost:<port>/activiti-app and Authorization callback URL: http://localhost:<port>/activiti-app (both of these should be set same as your APS running instance url)
6 update applicaiton.
7 on APS -> open "activiti-app.properties" file and set following properties
security.oauth2.authentication.enabled=true
security.oauth2.client.clientId=
security.oauth2.client.clientSecret=
security.oauth2.client.checkToken=http://localhost:9999/oauth/check_token -- this property is commented as we are using external oauth2 provider. this need to set only if you are using an internal authentication server (for e.g. Alfresco oauth 2 server)
security.oauth2.client.userAuthorizationUri=https://github.com/login/oauth/authorize
security.oauth2.client.tokenName=oauth_token
security.oauth2.client.accessTokenUri=https://github.com/login/oauth/access_token
security.oauth2.client.userInfoUri=https://api.github.com/user
8 run APS instance and login as "admin" and create a enterprise user same as present on GIT hub
9 As we have username as email we have to edit the username to match GIT hub username
Optional:
Note: if you want to authenticate user with enternal_id column in APS database need to set up following:
i  - open the database of APS and edit "USERS" table
add user id in "enternal_id" field for the create user and save the changes.

ii - set "security.authentication.use-externalid = true " in "activiti-app.properties" file and re-run the aps instance.