The Crowd OAuth/OpenID server app can be used to allow users to sign in to your client application with their Crowd account. Here we will go through a guide to configure an OAuth/OpenID client on your Crowd and by the end of this guide, users will be able to login to your application using the Crowd credentials.
To configure your Identity Provider integration with Crowd SAML SSO, you need the following items.
- Crowd should be installed and configured.
- Admin credentials are set up in Crowd.
Download and Installation
- Log into your Crowd instance as an admin.
- Navigate to the settings menu and Click Manage Apps.
- Click Find new apps or Find new add-ons from the left-hand side of the page.
- Locate miniOrange OAuth/OpenID Server via search.
Step 1: Register an OAuth/OpenID client app:
Follow the steps given below to register your client application on the Crowd OAuth/OpenID server.
- Open the plugin configurations.
- Go the OAuth/OpenID Client tab.
- Select the Protocol in the dropdown.
- Enter an App Name as you want.
- Copy Redirect / Callback URL from your OAuth/OpenID client and enter it under Redirect URI. It is the URL where users will be redirected after they are authenticated.
- Enter Scope as “email” (If you have selected OAuth protocol).
- Click on Save.
Step 2: Configuration on the Client Application:
- After saving the client application, the server displays Client ID, Client Secret and Scope.
- Navigate to the Server Endpoints to get all the endpoints of the OAuth/OpenId provider and Public Key.
- Note down Client ID, Client Secret, Scope, all the endpoints and Public Key to configure in your OAuth Client.
Important Note: Sending the client credentials parameters to the Token Endpoint in HTTP Body is required.
||This is used to identify the client application on the server (Configure OAuth/OpenID Client tab)
||This is used by the Client to authenticate to the server (Configure OAuth/OpenID Client tab)
||email - for OAuth clients.
openid - for OpenID clients.
||This is used by client to receive authorization code. (Server endpoints tab)
||This is used by the clients to receive tokens. (access token and ID Token) (Server endpoints tab)
|User Info Endpoint
||This is used by the Oauth clients to fetch user information.(Server endpoints tab)
||It is used by the client to verify the signature of the OAuth server. (Server endpoints tab)
If you are looking for anything which you cannot find, please drop us an email on firstname.lastname@example.org