Github Login Setup

Configure Github login via OAuth2

1. Log in to Github developer Portal

Log in to https://github.com/settings/apps with a Github account.

2. Create an app.

If this is the very first project you create with this Github account, you will see the page below. Click the button at the top right to open the dropdown and select 'Settings'.

Next select Developer Settings.

Fill in at least the required fields (marked with asterisks).

Choose a name for your app:

Set a homepage URL and a temporary value for the Authorization URL (the value can be obtained from the steps below: Step 1: Enable Github as authentication method in SSO Management Console). Enable Device Flow.

Click on "Register Application" to complete registration of OAuth app:

Click on Test App Local, then click on "Generate a new client secret" and save the secret to be used later in the Github authentication method.

3. SSO Management console configurations

From Home, select the tab "Global Method Settings" and then click "New Method" at the bottom of the page. Choose OAuth 2.0 as method type. The method class will auto-fill and you don't have to edit it.
Choose a method name, for instance Github.oauth2.1

Press "OK" and the method will be created. Select the "OAuth 2.0" tab and edit the fields with the information of your Project.

Client ID and secret are generated as part of 'Create an app' performed above.

OAuth2.0 endpoints for Github:

Authorization Endpoint URL: https://github.com/login/oauth/authorize
Scope: repo user
Token Endpoint URL: https://github.com/login/oauth/access_token
UserInfo Endpoint URL: https://api.github.com/user

Once all the fields are filled in, press "Update". The Client Secret will be hidden from view once set.
Go back to the "Main" tab, tick the "Enabled" box, and press "Update".
Copy the redirect URI from the Redirect URI field in the OAuth 2.0 tab and paste it into the Authorization callback URL field for your 'Test App Local' in OAuth Apps (log in to Github → Settings → Developer settings → OAuth Apps):

Click on Update application.
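
A pre-flight check for the values entered above, as an added example that is not part of the original page or of the product's tooling: it compares the endpoints with the ones listed here, requires the redirect URI to equal the Authorization callback URL, and lists any scopes beyond what reading the profile from the UserInfo endpoint needs (GitHub's repo scope grants repository access, and user includes profile write access). The dictionary key names, the sample redirect URI and the sample secret are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Endpoint values as listed on this page.
GITHUB_ENDPOINTS = {
    "authorization": "https://github.com/login/oauth/authorize",
    "token": "https://github.com/login/oauth/access_token",
    "userinfo": "https://api.github.com/user",
}
# Assumption: login only reads the profile from the UserInfo endpoint, for
# which GitHub's read-only scopes read:user and user:email are sufficient.
LOGIN_SCOPES = {"read:user", "user:email"}

# Constructed sample; key names, redirect URI and secret are placeholders.
SAMPLE = {
    "authorization_endpoint": "https://github.com/login/oauth/authorize",
    "token_endpoint": "https://github.com/login/oauth/access_token",
    "userinfo_endpoint": "https://api.github.com/user",
    "scope": "repo user",
    "redirect_uri": "https://sso.example.com/redirect-placeholder",
    "client_secret": "constructed-secret",
}


def _origin_path(url):
    """Scheme, lower-cased host[:port] and path of a URL."""
    parts = urlsplit(url)
    return parts.scheme, parts.netloc.lower(), parts.path


def audit_method(cfg, registered_callback):
    """Return findings for one OAuth 2.0 method configuration."""
    findings = []
    for name, expected in GITHUB_ENDPOINTS.items():
        if cfg.get(name + "_endpoint") != expected:
            findings.append(f"{name} endpoint differs from the documented URL")
    sent = _origin_path(cfg.get("redirect_uri", ""))
    if sent[0] != "https":
        findings.append("redirect URI is not https")
    # The procedure pastes the same value on both sides, so require equality.
    if sent != _origin_path(registered_callback):
        findings.append("redirect URI differs from the Authorization callback URL")
    extra = set(cfg.get("scope", "").split()) - LOGIN_SCOPES
    if extra:
        findings.append("scopes beyond profile read: " + " ".join(sorted(extra)))
    if not cfg.get("client_secret"):
        findings.append("client secret is empty")
    return findings


if __name__ == "__main__":
    print(audit_method(SAMPLE, SAMPLE["redirect_uri"]))
```
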

User Driven Federation with Github

1. Create LDIF and import to directory

Step 1: Create Github.ldif
# Modifying github.oauth2.1 method to offer federation
dn: cn=github.oauth2.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: modify
replace: ubiloginLDAPURLUserMappingTableDN
ubiloginLDAPURLUserMappingTableDN: cn=CustomerID User Mapping,cn=Server,ou=System,cn=Ubilogin,dc=localhost
-
changetype: modify
replace: ubiloginDirectoryServiceDN
ubiloginDirectoryServiceDN: cn=CustomerID Directory,cn=Services,ou=System,cn=Ubilogin,dc=localhost
-
Step 2: Import settings to directory

Then use the import tool to read the settings in the Github.ldif file:

cd C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap\adam
import.cmd ..\Github.ldif

2. Enable an external authentication method for CustomerID

Step 1: Enable Github as authentication method in SSO Management Console
  1. Open SSO Management Console with your administrator account.

  2. Go to eIDM Services site.

  3. On Site Methods, add Github.oauth2.1.

  4. On Applications, you will see two applications: eidm2 and workflow.

  5. For each of these two applications go to Allowed Methods and add github.oauth2.1. It's important that you add github.oauth2.1 as allowed method for both eidm2 and workflow.

Make sure to add the Github authentication method under 'eIDM Users' → 'Site Methods'.

Step 2: Enable Github as authentication method in CustomerID
  1. Open eidm2.properties with your text editor.

  2. Find the line that starts with "methods.protected" and add Github.oauth2.1 as shown below.   

  3. Restart Wildfly.

  4. Open CustomerID self-service login page https://localhost:7443/eidm2/wf/self-service

  5. You will find Login with Github button under "Sign In Using a Provider"

Log in to self-service. Click the "Login with Github" button and you will be redirected to the Github accounts login page.

Log in using some Github account and you will see the screen below. You are informed that user federation is not enabled (in red letters) so in this step you must log in with your CustomerID account one last time.

After successful login, you're prompted to link your account. Tick the box "Remember this next time" and click "Continue"

You are now logged in and you can see the account linking settings at the bottom of the page under "Federated Accounts".

Now log out from CustomerID. Note: You must log out from Google too.

Step 2: Verify that you can log in to CustomerID directly with a Github account
  1. Open self-service login page again https://localhost:7443/eidm2/wf/self-service

  2. This time you will be able to log in directly using your Github credentials.

In the future, any user can unlink their own account from the self-service interface.