# OAuth2 Configuration
You can configure your OAuth2 provider(s) in the administration are of the 4ALLPORTAL, in admin snap-in OAuth Configurations.
The exact steps and requirements for configuring depends on your target oAuth2 provider:
- Facebook configuration guide
- Google configuration guide
- GitHub configuration guide
- Keycloak configuration guide
# Prerequisite: HTTPS
For security reasons, Service Provider, Identity Provider and the 4ALLPORTAL should always communicate via HTTPS. Mixing HTTP and HTTPS can cause various errors. Chrome e.g. sends "null" for CORS origin and the access from the IDP to the 4ALLPORTAL is blocked.
# Prerequisite: Certificate
If the identity provider's certificate is not accepted by the default Java keystore, you will need to make sure that your provider's certificate is imported into the Java keystore by simply exporting it, e.g. via Firefox:
keytool -importcert -file {fileName}.pem -alias {certificateName}
# OAuth2 Admin Snap-in
In admin snap-in Authentication/OAuth Configurations you can make the following settings:
The first part of fields (from Provider name to Language mapping as well as URL after logout) is our general authentication configuration.
Basic Authentication Configuration
For general authentication information and further configuration options (default provider or login screen), refer Core Engine's basic authentication provider documentation (opens new window).
The second part of fields (from Client ID to Scopes as well as Base URL) is OAuth2 specific:
| Field | Description |
|---|---|
| Base URL | enter your fully qualified domain name (FQDN) here, including subdomains (e.g. https://example.4allportal.net) |
| Client ID | enter your oAuth provider ID |
| Client secret | enter your oAuth provider secret |
| Access token URI | enter your oAuth provider's access token URI here |
| User authorization URI | enter your oAuth provider's user authorization URI here |
| User info URI | enter your oAuth provider's user info URI here |
| Scopes | enter scopes to limit an application's access to a user's account |
# After Configuration
- Optional: Change the login icon
GLOBAL-AUTHENTICATION_PROVIDER-{$provider_name}.4apiconby editing or replacing it in pathcustom/global/styles_pre_login/default. - Optional: Change the OAuth label keys
L-GLOBAL-CONNECTOR-{$provider_name}andL-GLOBAL-CONNECTOR-{$provider_name}-INFOin admin snap-inGeneral system configuration/Systemsettings/Translation Studio.
After changing, reload or restart (if reload is not sufficient) the 4ALLPORTAL.