OAuth2 Single Sign-On (SSO) with the new OAuth 2.0 Login module


Dear all,

Since the resolution of TRUNK-381 it is possible to Spring-wire custom authentication schemes to OpenMRS Core, thereby overriding the default UsernamePasswordAuthenticationScheme.

I would like to present one use case using this new feature to achieve SSO using OAuth2 with the new OAuth 2.0 Login module:

I have made sure to ship it with an extensive set of READMEs that in particular explain how this can be done with JBoss Keycloak and Google API. Not sure if the latter will ever be used in production, but the former can definitely be.

Perhaps one day we will have our demo and QA servers letting us in with OpenMRS ID :slight_smile:, @cintiadr? I would be happy to help.

@angshuonline another use case would be for Bahmni to ship with Keycloak (or equivalent) and have SSO working across all its components.

This is still beta code and the module is awaiting a first release. I would like to invite all of you to test it and provide feedback.

Thanks to all who have made this possible, in particular:

  • @amine for the scouting and pioneering work.
  • @lilian for the usual insight and directions.
  • @dkayiwa for challenging our approach to TRUNK-381 and getting things merged in.

Cc: @bdr @sunbiz @dev2 @dev3 @dev4 @dev5


This is awesome! I am gonna look out for ways we can leverage this new authentication scheme into https://github.com/openmrs/openmrs-module-oauth2 which also uses UsernamePasswordAuthenticationScheme.

Well … I’ve been poking around and scratching my head while staring at https://github.com/openmrs/openmrs-module-oauth2login.

To test this I’ve been using the Bahmni Virtual Box (https://bahmni.atlassian.net/wiki/spaces/BAH/pages/14712841/Bahmni+Virtual+Box) on my Linux laptop, along with the Docker image of Keycloak. I’m now trying to figure out where to put the OpenMRS OAuth login module on the Bahmni Virtual Box. In reading the instructions found on GitHub (), I’ve not found the “path” to install these files. I read: but I cannot find a directory that possesses the shown content: I’m confused after staring at the following directories: Cheers!


Inside the box, that’d be in /opt/openmrs/modules.

Are you looking at enabling SSO within Bahmni?

Thanks!

I am looking at enabling SSO within Bahmni, using Google as the primary authentication source/provider. I’ll let you know how this proceeds as it is now my primary focus.

Great, everything should be fine with the EMR part, but I’ll be curious to know your findings.

Odoo “should” be configurable to delegate authentication to an OAuth2 provider, but there’s some research to be done.

But then you’ll most likely hit a wall with OpenELIS, but let’s see when you get there.

Hallo,

Is there anyone in the community currently using this module on any OpenMRS version 2.X and does it work?

Hi @hngondoki, yes we do, on a large-scale OpenMRS enterprise integration. Against Core 2.3.x.

Noted. Thanks

@hngondoki what’s your use case?

Also note that the README promises something that’s not yet implemented about the initial set of roles to give to users when they are being created (see here). Not a big deal to run the last mile though. However somehow we never had to prioritise it. I detailed it here already: GSoC 2020: Advancement of OAuth2 Module and Improvements in SMART OWA