Github Login Setup
Configure Github login via OAuth2
1. Log in to Github developer Portal
Log in to https://github.com/settings/apps with a Github account.
2. Create an app.
If this is the very first project you create with this Github account, you will see the page below. Click the button at the top right to open the dropdown and select 'Settings'.
Next select Developer Settings.
Fill in at least the required fields (marked with asterisks).
Choose a name for your app:
Set a homepage URL and a temporary value for the Authorization URL (the value can be obtained from the steps below: Step 1: Enable Github as authentication method in SSO Management Console). Enable Device Flow.
Click on "Register Application" to complete registration of OAuth app:
Click on Test App Local, then click on "Generate a new client secret" and save the secret; it is used later in the Github authentication method.
3. SSO Management console configurations
From Home, select the tab "Global Method Settings" and then click "New Method" at the bottom of the page. Choose OAuth 2.0 as method type. The method class will auto-fill and you don't have to edit it.
Choose a method name, for instance Github.oauth2.1
Press "OK" and the method will be created. Select the "OAuth 2.0" tab and edit the fields with the information of your Project.
The Client ID and secret are generated as part of 'Create an app' performed above.
OAuth2.0 endpoints for Github:
Authorization Endpoint URL: https://github.com/login/oauth/authorize
Scope: repo user
Token Endpoint URL: https://github.com/login/oauth/access_token
UserInfo Endpoint URL: https://api.github.com/user
Once all the fields are filled in, press "Update". The Client Secret will be hidden from view once set.
Go back to the "Main" tab, tick the "Enabled" box, and press "Update".
Copy the redirect URI from the Redirect URI field in the OAuth 2.0 tab and paste it into the Authorization callback URL field for your 'Test App Local' in OAuth Apps (Login to Github → Settings → Developer settings → OAuth Apps):
Click on Update application.
User Driven Federation with Github
1. Create LDIF and import to directory
Step 1: Create Github.ldif
# Modifying github.oauth2.1 method to offer federation
dn: cn=github.oauth2.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: modify
replace: ubiloginLDAPURLUserMappingTableDN
ubiloginLDAPURLUserMappingTableDN: cn=CustomerID User Mapping,cn=Server,ou=System,cn=Ubilogin,dc=localhost
-
replace: ubiloginDirectoryServiceDN
ubiloginDirectoryServiceDN: cn=CustomerID Directory,cn=Services,ou=System,cn=Ubilogin,dc=localhost
-
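
Before importing, Github.ldif can be checked offline. The Python script below is an added example, not part of the Ubisecure tooling: it parses the modify records, rejects malformed ones (a change not closed by "-", or a line that is not add/delete/replace where a change should start), and reports anything other than a single-value replace of the two federation attributes on the method entry. The function names and the check_ldif.py file name are hypothetical, and it assumes the file has no folded lines or base64 ("::") values.

```python
import re

# Attributes the Github.ldif on this page replaces (compared case-insensitively).
EXPECTED_ATTRS = {"ubiloginldapurlusermappingtabledn", "ubilogindirectoryservicedn"}

def parse_modify_records(ldif_text):
    """Parse modify records (assumes no folded lines or base64 values); ValueError if malformed."""
    records = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):  # a blank line ends a record
        lines = [ln.strip() for ln in block.splitlines() if ln.strip() and not ln.startswith("#")]
        if not lines:
            continue
        key, _, dn = lines[0].partition(":")
        if key.lower() != "dn":
            raise ValueError(f"record must start with 'dn:', got {lines[0]!r}")
        if len(lines) < 2 or lines[1].replace(" ", "").lower() != "changetype:modify":
            raise ValueError(f"{dn.strip()}: expected 'changetype: modify' after dn")
        mods, i = [], 2
        while i < len(lines):
            op, _, attr = (part.strip() for part in lines[i].partition(":"))
            if op.lower() not in ("add", "delete", "replace"):
                raise ValueError(f"expected add/delete/replace, got {lines[i]!r}")
            i, values = i + 1, []
            while i < len(lines) and lines[i] != "-":
                name, _, value = lines[i].partition(":")
                if name.strip().lower() != attr.lower():
                    raise ValueError(f"{lines[i]!r} is not a value of {attr!r}")
                values.append(value.strip())
                i += 1
            if i == len(lines):
                raise ValueError(f"change to {attr!r} is not terminated by '-'")
            i += 1  # step over the '-' terminator
            mods.append((op.lower(), attr, values))
        records.append((dn.strip(), mods))
    return records

def check_federation_ldif(ldif_text, method_dn):
    """List every change that is not a single-value replace of an expected attribute."""
    problems = []
    for dn, mods in parse_modify_records(ldif_text):
        if dn.lower() != method_dn.lower():
            problems.append(f"unexpected entry: {dn}")
        for op, attr, values in mods:
            if op != "replace" or attr.lower() not in EXPECTED_ATTRS or len(values) != 1:
                problems.append(f"unexpected change: {op} {attr}")
    return problems

if __name__ == "__main__":
    import sys  # usage: python check_ldif.py Github.ldif "<method DN>"
    print(check_federation_ldif(open(sys.argv[1]).read(), sys.argv[2]) or "OK")
```

An empty result (printed as OK) means the file touches only the method entry and only the two federation attributes.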
Step 2: Import settings to directory
Then use the import tool to read the settings in the Github.ldif file:
cd C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap\adam
import.cmd ..\Github.ldif
2. Enable an external authentication method for CustomerID
Step 1: Enable Github as authentication method in SSO Management Console
Open SSO Management Console with your administrator account.
Go to eIDM Services site.
On Site Methods, add Github.oauth2.1.
On Applications, you will see two applications: eidm2 and workflow.
For each of these two applications go to Allowed Methods and add github.oauth2.1. It's important that you add github.oauth2.1 as allowed method for both eidm2 and workflow.
Make sure to add the Github authentication method under 'eIDM Users' → 'Site Methods':
Step 2: Enable Github as authentication method in CustomerID
Open eidm2.properties with your text editor.
Find the line that starts with "methods.protected" and add Github.oauth2.1 as shown below.
Restart Wildfly.
Open CustomerID self-service login page https://localhost:7443/eidm2/wf/self-service
You will find the "Login with Github" button under "Sign In Using a Provider".
3. Link your accounts
Step 1: Link your accounts
Log in to self-service. Click the "Login with Github" button and you will be redirected to the Github accounts login page.
Log in using some Github account and you will see the screen below. You are informed that user federation is not enabled (in red letters), so in this step you must log in with your CustomerID account one last time.
After successful login, you're prompted to link your account. Tick the box "Remember this next time" and click "Continue".
You are now logged in and you can see the account linking settings at the bottom of the page under "Federated Accounts".
Now log out from CustomerID. Note: You must log out from Google too.
Step 2: Verify that you can log in to CustomerID directly with a Github account
Open the self-service login page again: https://localhost:7443/eidm2/wf/self-service
This time you will be able to log in directly using your Github credentials.
Step 3: Unlink your account
In the future, any user can unlink their own account from the self-service interface.