OpenSRP uses Oauth2 to support single sign on.
...
No Format |
---|
#Make sure to activate the oauth2 profile opensrp_maven_package_profiles: - postgres - jedis - oauth2 opensrp_oauth_profiles: default: client_id: "opensrp-trusted-client" secret: "O@aTHS#cr3t" grant_types: - password - authorization_code - refresh_token - implicit scope: - read - write - trust token_validity: 3600 callback_url: "" roles: - ROLE_CLIENT androidclient: client_id: "android-apps-client" secret: "Dr01dS#cr3t" grant_types: - password - refresh_token scope: - read - write - trust token_validity: 3600 callback_url: "" roles: - ROLE_CLIENT |
2. Keycloak
When using keycloak, OpenSRP has only the resource server, keycloak acts as the authentication server. To configure Keycloak refer to this documentation Setting up Keycloak
When configuring OpenSRP to use keycloak via playbooks define the below variables on your inventories for the OpenSRP group vars
...
To configure keycloak manually download keycloak OIDC JSON config and store in WEB_INF foider when building your server. Refer to Setting up Keycloak and https://www.keycloak.org/docs/latest/server_admin/#_client_installation for further details