dhis2-users team mailing list archive

Re: OAuth & Single-Sign-on / CAS with DHIS2

 

This is old (2014) but still an interesting slide deck on OpenID Connect
http://wiki.openid.net/w/file/fetch/80030063/OpenID_Connect_Overview_May_5_2014.pdf

Ed

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson=projectbalance.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Edward Robinson
Sent: Monday, 07 August 2017 3:53 PM
To: Jason Phillips <jason@xxxxxxxx>; Morten Olav Hansen <morten@xxxxxxxxx>
Cc: DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Just adding my 5c – OpenID has been superseded by OpenID Connect <https://openid.net/connect/faq/>.
These may be interesting reading too:
http://lightstep.com/blog/everything-I-wish-I-knew-about-enterprise-sso/
https://developers.google.com/identity/protocols/OpenIDConnect


Cheers
Ed

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson=projectbalance.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jason Phillips
Sent: Monday, 07 August 2017 11:57 AM
To: Morten Olav Hansen <morten@xxxxxxxxx>
Cc: DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Morten,

Thanks for your reply.

We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice.
We’ll experiment with LDAP instead, and see where we wind up!  One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game…

Kind Regards,
Jason Phillips
Information Systems / Infrastructure
Health Information Systems Program
____________________________________
This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer.  Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission.  If you cannot access the disclaimer, kindly send an email to disclaimer@xxxxxxxx<mailto:disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


From: Morten Olav Hansen [mailto:morten@xxxxxxxxx]
Sent: Sunday, 06 August 2017 7:49 PM
To: Jason Phillips <jason@xxxxxxxx>
Cc: DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Jason

Have you considered using LDAP? We have had support for that for a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form-based to get the bearer token).

We have an issue for adding OpenID Connect support (OpenID 2 + OAuth2) but that's not something that is coming soon.

--
Morten Olav Hansen
Senior Engineer, DHIS 2
University of Oslo
http://www.dhis2.org

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips <jason@xxxxxxxx> wrote:
Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.
Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?
The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,
Jason Phillips
Information Systems / Infrastructure
Health Information Systems Program
____________________________________
eMail:    jason@xxxxxxxx
Tel/Fax:  +27 21 712 0170
Cell:     +27 72 973 7250
Skype:    jason.n.phillips