Integrating Identity Providers (IdP) in SGS

SkylineGlobe Server 8.0 features integrated Single Sign-On (SSO) - OpenID user authentication. Users can now sign in using a commercial Identity Provider (IdP) like Google Workspace and Facebook or using an enterprise identity provider server.


SGS Login with SSO Authentication

To set up the identity providers that will be supported:

Locate the loginAuthSettings.json file in the SharedConfigurations folder under the Server Configuration Database Folder (whose location was defined during SGS installation), e.g., C:\SkylineGlobeServerConfiguration\SharedConfigurations\. This file includes a property named identityProviders, which is an array composed of objects. Each object represents an identity provider.

For each identity provider you wish to add, add an object containing its properties to the comma-delimited identityProviders array.

{
  "identityProviders": [
    {}
  ],
  "forceIdentityProvider": ""
}

Properties:

Each entry below gives the property name, followed by its description.

name: Name of IdP, e.g., “Facebook”.

loginIcon: Path to the icon that should be used for the IdP button in the login dialog.

loginUrl: URL of the IdP that users will be redirected to in order to log in. This information is obtained from the IdP.

authTokenURL: URL endpoint at which you will receive access tokens from the IdP to authenticate and authorize users for your server. This information is obtained from the IdP.

authTokenURLRequestBody: Request body to be sent (POST) within the “authTokenURL” request:

  client_id: Public identifier for your server.

  client_secret: Secret identifier for your server.

  These are obtained from the IdP.

  grant_type: Must be set to “authorization_code”.

  redirect_uri: SGS URL to redirect to after getting the access token.

  Example:

  client_id=XXXXXX&client_secret=YYYYYY&grant_type=authorization_code&redirect_uri=https://cloud.skylineglobe/sg/oauth/redirect

getUserInfoURL: URL for retrieving the user profile information (e.g., user’s name, email). This information is obtained from the IdP.

After creating/modifying the configuration file, restart SGS for updates to take effect.

 

Example

{
  "identityProviders": [
    {
      "name": "Google",
      "loginIcon": "https://skyline.com/SG/temp/Google.png",
      "loginUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=XXXX.apps.googleusercontent.com&redirect_uri=https://cloud.skylineglobe%2Fsg%2Foauth%2Fredirect&scope=openid%20email%20profile&response_type=code",
      "authTokenURL": "https://oauth2.googleapis.com/token",
      "authTokenURLRequestBody": "client_id=585398732296-6c6h8kl1s4er1vl7bkgqd0bhlp944of7.apps.googleusercontent.com&client_secret=YYYYYY&grant_type=authorization_code&redirect_uri=https://cloud.skylineglobe/sg/oauth/redirect",
      "getUserInfoURL": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses"
    }
  ],
  "forceIdentityProvider": ""
}
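A pre-restart check for loginAuthSettings.json, added here as an example (it is not part of SGS or the original page): it verifies that each entry has the documented properties, that the endpoints use https, and that the token request body carries the same client_id and redirect_uri as loginUrl, which the authorization code grant requires. The sample hosts, client IDs and secret are constructed placeholders, and check_provider and lint_settings are hypothetical helper names.

```python
import json
from urllib.parse import urlsplit, parse_qs

REQUIRED = ("name", "loginIcon", "loginUrl", "authTokenURL",
            "authTokenURLRequestBody", "getUserInfoURL")

def check_provider(idp):
    """Return a list of findings for one identityProviders entry."""
    missing = [k for k in REQUIRED if not idp.get(k)]
    if missing:
        return ["missing: " + ", ".join(missing)]
    findings = []
    for key in ("loginUrl", "authTokenURL", "getUserInfoURL"):
        if urlsplit(idp[key]).scheme != "https":
            findings.append(key + " is not https")
    # parse_qs percent-decodes, so encoded and plain redirect_uri compare equal
    login = parse_qs(urlsplit(idp["loginUrl"]).query)
    body = parse_qs(idp["authTokenURLRequestBody"])
    if body.get("grant_type") != ["authorization_code"]:
        findings.append("grant_type is not authorization_code")
    if not body.get("client_secret"):
        findings.append("client_secret is empty")
    # The token request must name the same client and redirect_uri as the login request
    for param in ("client_id", "redirect_uri"):
        if not body.get(param) or login.get(param) != body.get(param):
            findings.append(param + " differs between loginUrl and request body")
    if urlsplit(body.get("redirect_uri", [""])[0]).scheme != "https":
        findings.append("redirect_uri is not https")
    return findings

def lint_settings(text):
    """Map each provider name to its findings (empty list means clean)."""
    providers = json.loads(text).get("identityProviders", [])
    return {p.get("name", "?"): check_provider(p) for p in providers}

SAMPLE = json.dumps({"identityProviders": [  # constructed sample; "Bad" has three mistakes
    {"name": "Good", "loginIcon": "https://sgs.example/good.png",
     "loginUrl": "https://idp.example/auth?client_id=abc&redirect_uri=https%3A%2F%2Fsgs.example%2Fsg%2Foauth%2Fredirect&response_type=code",
     "authTokenURL": "https://idp.example/token",
     "authTokenURLRequestBody": "client_id=abc&client_secret=s3cr3t&grant_type=authorization_code&redirect_uri=https://sgs.example/sg/oauth/redirect",
     "getUserInfoURL": "https://idp.example/userinfo"},
    {"name": "Bad", "loginIcon": "https://sgs.example/bad.png",
     "loginUrl": "https://idp.example/auth?client_id=abc&redirect_uri=https://sgs.example/sg/oauth/redirect&response_type=code",
     "authTokenURL": "http://idp.example/token",
     "authTokenURLRequestBody": "client_id=xyz&client_secret=s3cr3t&grant_type=password&redirect_uri=https://sgs.example/sg/oauth/redirect",
     "getUserInfoURL": "https://idp.example/userinfo"}], "forceIdentityProvider": ""})

if __name__ == "__main__":
    print(lint_settings(SAMPLE))
```

Because authTokenURLRequestBody stores client_secret in clear text, it is also worth limiting read access on the SharedConfigurations folder to the accounts that run or administer SGS.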