dhis2-users team mailing list archive

[Jason Phillips <jason@xxxxxxxx>]

Hi Morten,



Thanks for your reply.



We did consider LDAP – and it’s certainly still on the table – but were
definitely, based on your response, heading in the wrong direction; I have
been investigating a number of OpenID server entities instead, so I am
grateful for your advice.

We’ll experiment with LDAP instead, and see where we wind up!  One day
soon, we hope to begin documenting and sharing with the community all our
“solutions”, so will eventually revert with our end-game…



Kind Regards,

*Jason Phillips*

[image: hisp]
*Information Systems / Infrastructure*

*Health Information Systems Program____________________________________*

This message and any attachments are subject to a disclaimer published at
http://www.hisp.org/policies.html#comms_disclaimer.  Please read the
disclaimer before opening any attachment or taking any other action in
terms of this electronic transmission.  If you cannot access the
disclaimer, kindly send an email to disclaimer@xxxxxxxx and a copy will be
provided to you. By replying to this e-mail or opening any attachment you
agree to be bound by the provisions of the disclaimer.





*From:* Morten Olav Hansen [mailto:morten@xxxxxxxxx]
*Sent:* Sunday, 06 August 2017 7:49 PM
*To:* Jason Phillips <jason@xxxxxxxx>
*Cc:* DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
*Subject:* Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2



Hi Jason



Have you considered using LDAP? we have had support for that a few
releases. OpenID is basically deprecated, and I suggest not going that
route. OAuth2 does not itself contain any authentication protocols (we are
using basic or form based to get the bearer token).



We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but
that's not something that is coming soon.


-- 

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org



On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips <jason@xxxxxxxx> wrote:

Greetings, community!



HISP SA is looking at ways to implement a single-sign-on solution within
our hosted DHIS2 instances, potentially using OAuth and a self-hosted
central OpenID/OpenAuth server entity (or even a dhis2 instance?) for
authentication.

Has anyone got any experience with implementing such a solution, and/or any
advice about what the best practice could/would be to do so?
The aim would be to try and get all dhis2 instances to share a single
user’s password across the board, and ideally be able to revoke, manage and
control access to all instances in a single location.



Any advice, comments, suggestions or guidance would be most welcome.



Kind Regards,

*Jason Phillips*

[image: hisp]
*Information Systems / Infrastructure*

*Health Information Systems Program____________________________________*

eMail:               jason@xxxxxxxx
Tel/Fax:            +27 21 712 0170 <+27%2021%20712%200170>
Cell:                 +27 72 973 7250 <+27%2072%20973%207250>
Skype:             jason.n.phillips

This message and any attachments are subject to a disclaimer published at
http://www.hisp.org/policies.html#comms_disclaimer.  Please read the
disclaimer before opening any attachment or taking any other action in
terms of this electronic transmission.  If you cannot access the
disclaimer, kindly send an email to disclaimer@xxxxxxxx and a copy will be
provided to you. By replying to this e-mail or opening any attachment you
agree to be bound by the provisions of the disclaimer.



[image: cid:image002.jpg@01D2F4CE.CFC9B9B0]

See the conference website <https://www.ehealthalive.org/> for more
information!







*This message and any attachments are subject to a disclaimer published at
http://www.hisp.org/policies.html#comms_disclaimer
<http://www.hisp.org/policies.html#comms_disclaimer>.  Please read the
disclaimer before opening any attachment or taking any other action in
terms of this electronic transmission.  If you cannot access the
disclaimer, kindly send an email to disclaimer@xxxxxxxx
<disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to
this e-mail or opening any attachment you agree to be bound by the
provisions of the disclaimer.*


_______________________________________________
Mailing list: https://launchpad.net/~dhis2-users
Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

-- 


*This message and any attachments are subject to a disclaimer published at 
http://www.hisp.org/policies.html#comms_disclaimer 
<http://www.hisp.org/policies.html#comms_disclaimer>.  Please read the 
disclaimer before opening any attachment or taking any other action in 
terms of this electronic transmission.  If you cannot access the 
disclaimer, kindly send an email to disclaimer@xxxxxxxx 
<disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to 
this e-mail or opening any attachment you agree to be bound by the 
provisions of the disclaimer.*