OAuth2 Configuration¶

Once you have the required values from your OAuth provider, follow these steps to configure OAuth SSO for the portal.

Self-Managed and Data Plane

Step 1: SSH into Privacera Instance¶

SSH into the instance where Privacera is installed.

Step 2: Navigate to the Privacera Manager Directory¶

Bash
1	`cd ~/privacera/privacera-manager`

Step 3: Copy the sample OAuth configuration file to the custom configuration directoryor¶

if the file vars.okta.yml already exists, compare and add any new or updated properties from the sample file:

Bash
1	`ls config/custom-vars/vars.okta.yml`

If the file does not exist, copy the sample configuration file: vars.portal.oauth.yml

Bash
1	`cp config/sample-vars/vars.portal.oauth.yml config/custom-vars/vars.portal.oauth.yml`

Note

If config/custom-vars/vars.okta.yml already exists, manually check and merge any new properties from: config/sample-vars/vars.portal.oauth.yml

Step 4: Edit the configuration file:¶

Bash
1	`vi config/custom-vars/vars.portal.oauth.yml`

Update the required fields in the configuration file. The following properties are required for OAuth configuration:

YAML
OAUTH_CLIENT_CLIENTID: "<YOUR_CLIENT_ID>"
OAUTH_CLIENT_CLIENTSECRET: "<YOUR_CLIENT_SECRET>"
OAUTH_CLIENT_ISSUER_URI: "<YOUR_ISSUER_URI>"
OAUTH_CLIENT_AUTH_URI: "<YOUR_AUTHORIZATION_ENDPOINT>"
OAUTH_CLIENT_TOKEN_URI: "<YOUR_TOKEN_ENDPOINT>"
OAUTH_RESOURCE_USER_INFO_URI: "<YOUR_USER_INFO_ENDPOINT>"
PORTAL_UI_SSO_ENABLE: "true"
PORTAL_SSO_OAUTH_ENABLE: "true"

Example Configrations¶

OAuth configuration properties

YAML
OAUTH_CLIENT_CLIENTID: "<YOUR_CLIENT_ID>"
OAUTH_CLIENT_CLIENTSECRET: "<YOUR_CLIENT_SECRET>"
OAUTH_CLIENT_ISSUER_URI: "https://example-idp.com/oauth2"
OAUTH_CLIENT_AUTH_URI: "https://example-idp.com/oauth2/v1/authorize"
OAUTH_CLIENT_TOKEN_URI: "https://example-idp.com/oauth2/v1/token"
OAUTH_RESOURCE_USER_INFO_URI: "https://example-idp.com/oauth2/v1/userinfo"
PORTAL_UI_SSO_ENABLE: "true"
PORTAL_SSO_OAUTH_ENABLE: "true"

# You may need to adjust the OAuth scope based on your IdP requirements.
OAUTH_CLIENT_SCOPE: "openid,profile,email"

Step 5: Save and close the file.¶

Deploying the Service¶

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup

Step 2 - Apply the Privacera Manager helm charts.

Bash
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade

Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

Prev
- Prerequisites
Next
- Validations