This page (revision-220) was last changed on 13-Sep-2023 06:32 by krivacsz

This page was created on 23-Aug-2021 14:39 by krivacsz

Difference between version and

At line 1 changed one line
!!Enterprise Licenses Only\\
Constraint: __Enterprise Licenses Only__\\
This plugin allows you to delegate access to OAuth ([https://en.wikipedia.org/wiki/OAuth]) providers. On CrushFTP's login page, the enabled provider's "__Signed in__" button will appear next to the login button.\\
Currently __Google Sign-In__([Google Sign in Configuration]), __Microsoft Sign-In__([Microsoft Sign in Configuration]), __Azure Active Directory B2C Sign in__([Azure Active Directory B2C Configuration]) and __Amazon Cognito Sign in__([Amazon Cognito Configuration]) are supported.\\
At line 3 changed one line
!!__CrushOAuth Plugin__\\
It only works through __HTTP__ or __HTTPS__ protocol.\\
First configure an HTTP(S) port item with OAuth Sign In configuration.\\
[attachments|http_port_oauth_item_settings.png]\\
At line 5 changed 2 lines
This plugin allows you to delegate access to OAuth providers.\\
Currently only __Google Sign__ in is supported.\\
!!Supported types:\\
!1. Google Sign-In\\
See [Google Sign in Configuration]\\
!2. Microsoft Sign-In\\
See [Microsoft Sign in Configuration]\\
!3. Azure Active Directory B2C\\
See [Azure Active Directory B2C Configuration]\\
!4. Amazon Cognito\\
See [Amazon Cognito Configuration]\\
At line 8 changed one line
!__Google Sign-In__\\
!!Plugin Settings\\
At line 10 changed 2 lines
You will start at the API credentials manager:\\
[https://console.developers.google.com/projectselector/apis/credentials]\\
__1.__ __Username matching__ -> Filters on the OAuth user name (Google Auth: email address, Microsoft Auth: user principal name). Multiple values are allowed, separated by commas. A domain filter is allowed (like *mydomain.com).\\
At line 13 changed 2 lines
You first need to make a project. My example calls this CrushFTP-Test.\\
[attachments|gDriveSetup/create_project.png]\\
__2.__ __Allowed authentication types__: Google Sign-In, Microsoft Sign-In, Azure Active Directory B2C Sign in and Amazon Cognito Sign in. Configure the sign-in button on the HTTP(S) server.\\
At line 16 changed 2 lines
Next select create credentials, and choose the Web Application type.\\
[attachments|gDriveSetup/create_credentials.png]\\
__3.__\\
__a.__ __Skip OTP processing__: The CrushOAuth plugin is not compatible with [OTP Settings], because the IDP (identity provider) can have its own two-factor authentication. Setting the flag to true exempts OAuth users from CrushFTP's OTP process.\\
__b.__ __Remove email suffix from username__: Removes the email suffix from the user name. For example, the username "my_user@email.com" becomes "my_user".\\
__c.__ __Get Cognito user info__: Gets more info about Amazon Cognito users (like custom attributes). It applies only to __Amazon Cognito Sign in__.\\
At line 19 changed one line
[attachments|gDriveSetup/oauth_consent.png]\\
__4.__ OAuth only used for Authentication ([User Manager] defines user's access.) -> If the users already exist in CrushFTP's User Manager, you can use the CrushOAuth plugin __just for authentication__.\\
At line 21 changed 2 lines
When configuring the credential, you have to tell Google the domain you will be originating from when creating the auth token, so this is the URL you use for server administration. Use just protocol://dns_or_ip:port, without a trailing slash, or it will complain.\\
You also need to enter the redirect URL where Google will send back the ID token (the ID token is used to authenticate the Google user). Copy the Client ID, which is required to integrate the Google Sign-In button.
__5.__ __Template Username__ -> The signed-in user inherits not just the settings, but the VFS items too (as Linked [VFS]).
At line 24 changed one line
!__Integrate Google Sign-In button__\\
__Import settings from CrushFTP user__ -> The signed-in user inherits just the settings from this user. __It must have a value!__ The default value would be: __default__ -> the default user of CrushFTP\\
At line 26 changed one line
[attachments|gsign_in_button.png]\\
__6.__ __OAuth Roles__ -> You can configure different Template Users (see 5.) based on the IDP's (identity provider) attributes.\\
IDP Attribute examples:\\
{{{
Google Sign-In:
email_verified, idp_user_info, given_name, family_name, email_verified, group
Microsoft Sign-In:
mail, idp_user_info, displayName, jobTitle, businessPhones, mobilePhone, officeLocation, group
Amazon Cognito Sign-in:
email, username, identities, cognito:username, cognito:groups, custom:<<defined custom attributes>>
}}}
Role examples :
{{{
<<IDP attribute name>>=<<IDP attribute value>>,<<IDP attribute name>>=<<IDP attribute value>> : template user name
Like:
cognito:groups=Azure_SAML,custom:groups:test_group_one
or
cognito:groups=*SAML*,custom:groups:test_group_one
or
cognito:groups=REGEX:.*SAML$,custom:groups:test_group_one
}}}
At line 28 changed one line
Go to Preferences -> Ip/Servers and select the HTTP or HTTPS port item where you want to enable the Google Sign-In button. Check the "Enable Google Sign in" flag and provide the Client ID of your Google project (mentioned above).\\
IDP attribute value: exact match, simple match (like *mail.com*), or regex match (like REGEX:<<the regular expression>>). If the value is an array, you can reference only one of its elements (exact match only). For example, with the IDP attribute value __groups:[["group1","group2"]__ you can match on __group1__.\\
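An added sketch of the matching rules described above for __Username matching__ and __OAuth Roles__; it is not CrushFTP's own code. It assumes patterns are case-sensitive, that a REGEX: expression must match the whole value, that all conditions of a role must match, and that the first matching role wins; the `fallback` parameter and all sample names are hypothetical.

```python
import re

def value_matches(pattern, idp_value):
    """Match one pattern against an IDP attribute value."""
    if isinstance(idp_value, (list, tuple)):
        # Array attribute: exact match against a single element only.
        return pattern in idp_value
    text = str(idp_value)
    if pattern.startswith("REGEX:"):
        # Assumption: the expression must match the whole value.
        return re.fullmatch(pattern[len("REGEX:"):], text) is not None
    if "*" in pattern:
        # Simple match: '*' is a wildcard, every other character is literal.
        rx = ".*".join(re.escape(part) for part in pattern.split("*"))
        return re.fullmatch(rx, text) is not None
    return pattern == text

def username_allowed(filter_list, username):
    """Username matching: comma-separated patterns, any match admits the user."""
    patterns = [p.strip() for p in filter_list.split(",") if p.strip()]
    return any(value_matches(p, username) for p in patterns)

def resolve_template(roles, attributes, fallback="default"):
    """Return the template user of the first role whose conditions all match."""
    for conditions, template_user in roles:
        if all(name in attributes and value_matches(pat, attributes[name])
               for name, pat in conditions.items()):
            return template_user
    return fallback

# Constructed sample data, not taken from a real IDP response.
CLAIMS = {"email": "alice@mydomain.com", "groups": ["group1", "group2"]}
ROLES = [
    ({"groups": "group1", "email": "REGEX:.*@mydomain\\.com$"}, "group1_template"),
    ({"email": "*@mydomain.com"}, "staff_template"),
]

if __name__ == "__main__":
    print(resolve_template(ROLES, CLAIMS))
    # Under plain wildcard semantics "*mydomain.com" also admits other
    # domains that merely end in the same text; "*@mydomain.com" does not.
    for flt in ("*mydomain.com", "*@mydomain.com"):
        print(flt, username_allowed(flt, "bob@notmydomain.com"))
```

When reviewing a filter list, anchoring a domain pattern at the "@" keeps it from admitting names from other domains that share the same ending.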
\\
\\
__7.__ VFS-related settings -> You can set custom [VFS] for CrushOAuth users.\\
\\
[attachments|plugin_settings.png]\\
\\
!!DMZ\\
\\
__1.__ Configure your OAuth Sign In settings on the DMZ's HTTP(S) port item.\\
__2.__ Configure the same OAuth Sign In settings on the Internal (Main) HTTP(S) port item. This port item must match with the port item configured at the DMZ template user's VFS. (See [DMZ])\\
\\
[attachments|dmz_template_user_internal_port.png]\\
\\
__3.__ Configure the OAuth plugin __only on the Internal (Main) instance__. !!!Do not configure the OAuth plugin on the DMZ too. See __Plugin Settings__ on the current page.\\
\\