Content Comparison

...

Getting started

NOTE: FAST Members can access fully functional examples w/ localhost client ID on gitlab
https://git.uwaterloo.ca/fast/project/auth-examples/-/tree/main/oidc?ref_type=heads

• You will need to know your callback URL (depending on your software stack this might be predetermined, check documentation for your libraries!)

• If doing a reverse proxy to localhost on for example port 8080 it’s critical to firewall that port to only talk to your proxy server!

• Need to contact IST for a client key via a ticket

  • NEW: OpenID Connect

    • ISS-General 2FA https://uwaterloo.atlassian.net/servicedesk/customer/portal/2/group/413/create/1660

    • set summerysummary: “OIDC: add new web client“

    • set select topic you require assistance with: “Duo 2FA support”

    • set Additional comments

      Code Block
      ## The django module uses /oidc/duo/callback/ ## Apache uses /secure/redirect_uri callback URIs: - https://x.x.uwaterloo.ca/oidc/duo/callback/ - https://x-stage.x.uwaterloo.ca/oidc/duo/callback/ *group* in short format, not full DN. claims: winaccountname, group, email, name, given_name, family_name

• Combining authentication with Grouper defined NEXUS groups can be a robust solution

...