Versions Compared

Old Version 8

changes.mady.by.user Samuel Githengi

Saved on

compared with

New Version Current

changes.mady.by.user Samuel Githengi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

OpenSRP uses Oauth2 to support single sign on.

...

No Format
#Make sure to activate the oauth2 profile
opensrp_maven_package_profiles:
	- postgres
	- jedis
	- oauth2


opensrp_oauth_profiles:
  default:
	client_id: "opensrp-trusted-client"
	secret: "O@aTHS#cr3t"
	grant_types:
		- password
		- authorization_code
		- refresh_token
		- implicit
	scope:
		- read
		- write
		- trust
	token_validity: 3600
	callback_url: ""
	roles:
	- ROLE_CLIENT
  androidclient:
	client_id: "android-apps-client"
	secret: "Dr01dS#cr3t"
	grant_types:
		- password
		- refresh_token
	scope:
		- read
		- write
		- trust
	token_validity: 3600
	callback_url: ""
	roles:
		- ROLE_CLIENT


2. Keycloak


When using keycloak, OpenSRP has only the resource server, keycloak acts as the authentication server. To configure Keycloak refer to this documentation Setting up Keycloak 

When configuring OpenSRP to use keycloak via playbooks define the below variables on your inventories for the OpenSRP group vars

...

To configure keycloak manually download  keycloak OIDC JSON config and store in WEB_INF foider when building your server. Refer to Setting up Keycloak and  https://www.keycloak.org/docs/latest/server_admin/#_client_installation for further details