EF Portal + OpenIDC

Overview

EnginFrame Portal can be integrated with any Identity Provider (IDP) that supports the OpenIDC standard, using a small PHP application that connects the IDP login to the EF Portal web dashboard.

Requirements

  • Apache 2.4.37+ with an SSL certificate and the modules php, mod_ssl and mod_proxy_html
  • PHP 8.2 or newer

Architecture

Apache talks to the IDP server over HTTPS following the OpenIDC standard, and uses the PHP service to process the requests to the IDP server and forward the user to the EnginFrame Portal logged-in area.

We used only open-source, free software to make this integration possible.

General flow

Here is a detailed description of the steps involved in the login:

  • You need to configure the PHP code with the IDP App credentials (client id and client key) that will be used to request a Token;
  • The Apache service listens on a specific URL to start the authentication;
  • Apache redirects the user to the IDP server, where the authentication happens, with a callback URL (also configured in the IDP server) that, after a successful login, redirects the user back to Apache with an authorization code;
  • Apache forwards the authorization code to the PHP application;
  • The PHP application, using the authorization code and the IDP App credentials, requests the Token from the IDP server;
  • If the authorization code and the IDP App credentials are valid, the IDP server sends the Token to Apache, which forwards it to the PHP service to continue the auth process;
  • The PHP service gets the user login from the IDP server (this can be changed to any information available in the IDP server);
  • The login and the Token are encrypted before being sent to EF Portal over an HTTPS connection;
  • The PHP service talks to the EnginFrame Portal backend to get the CSRF token, then sends the encrypted username and Token to EF Portal and, finally, redirects the user to the EF Portal web dashboard;
  • EF Portal receives the user, decrypts the username and the Token and, using the Token, asks the IDP server whether the user is valid and active. If everything is ok, EF Portal maps the remote user to a local user (according to the ef.user.mapping logic) and redirects the user to its logged-in area.
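The callback part of the flow above (steps 4 to 9), as an added example written for this page and not the code from the project's repository: it exchanges the authorization code for the Token, reads the user login, and encrypts login plus Token for EF Portal. The IDP and callback URLs, the client credentials, the shared key and the userinfo claim are placeholders or assumptions, and the state check is a standard OpenIDC safeguard the page does not mention.

```php
<?php
// Added example (not the project's own code): the callback step of the flow
// above. All URLs, credentials and the shared key are placeholders.
const TOKEN_URL    = 'https://idp.example.com/oauth2/token';    // placeholder
const USERINFO_URL = 'https://idp.example.com/oauth2/userinfo'; // placeholder
const REDIRECT_URI = 'https://ef.example.com/oidc/callback';    // placeholder
const CLIENT_ID     = 'PLACEHOLDER_CLIENT_ID';
const CLIENT_SECRET = 'PLACEHOLDER_CLIENT_KEY';
const SHARED_KEY    = 'PLACEHOLDER_KEY_0123456789abcdef'; // 32 bytes, shared with EF Portal

// Small JSON-over-HTTPS helper; curl's TLS certificate verification stays on.
function httpJson(string $method, string $url, array $fields, array $headers = []): array {
    $ch   = curl_init($url);
    $opts = [CURLOPT_HTTPHEADER => $headers, CURLOPT_RETURNTRANSFER => true];
    if ($method === 'POST') { $opts[CURLOPT_POSTFIELDS] = http_build_query($fields); }
    curl_setopt_array($ch, $opts);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("HTTP $status from $url");
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

session_start();
// Reject callbacks whose state does not match the value issued when login started
if (!isset($_GET['code'], $_GET['state'], $_SESSION['oidc_state'])
    || !hash_equals($_SESSION['oidc_state'], (string) $_GET['state'])) {
    http_response_code(400);
    exit('invalid or missing state');
}
unset($_SESSION['oidc_state']);

// 1. Exchange the authorization code plus the IDP App credentials for the Token
$tok = httpJson('POST', TOKEN_URL, [
    'grant_type' => 'authorization_code', 'code' => $_GET['code'], 'redirect_uri' => REDIRECT_URI,
    'client_id' => CLIENT_ID, 'client_secret' => CLIENT_SECRET,
]);
$accessToken = $tok['access_token'];

// 2. Fetch the user login from the IDP (any other claim available there could be used)
$info  = httpJson('GET', USERINFO_URL, [], ['Authorization: Bearer ' . $accessToken]);
$login = $info['preferred_username'];

// 3. Encrypt login + Token for EF Portal: AES-256-GCM with a fresh IV, tag kept with the data
$iv     = random_bytes(12);
$cipher = openssl_encrypt(json_encode(['user' => $login, 'token' => $accessToken]),
    'aes-256-gcm', SHARED_KEY, OPENSSL_RAW_DATA, $iv, $tag);
$payload = base64_encode($iv . $tag . $cipher);
// 4. Next: get EF Portal's CSRF token, POST $payload with it, redirect the user to the dashboard.
```

The EF Portal side must use the same key, IV and tag layout to decrypt and authenticate the payload; a GCM tag mismatch means the data was altered or the wrong key was used.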

Installing

Please follow the instructions in this GitHub repository.