Configure to use the accounts which follow OAuth2 protocol
|
Feedback
|
iPortal, iServer and iEdge not only support using the existing account to log in, but also support using the third-party account which uses OAuth2.0 protocol. Below will show how to use it in iServer.
iServer currently supports directly configuring QQ, Sina Weibo, WeChat accounts login, also supports the use of other third-party accounts which follow OAuth2.0 protocol through extensions, please refer to: Extension for the use of other third-party accounts which follow OAuth2.0 protocol .
Third-party account login configuration
Log in to iPortal as an administrator, click Management > Security > Login Configuration > Third-party Login, you can add or manage third-party login configuration.
Configure QQ account login
- First, the iServer administrator needs to apply the APP ID and APP KEY parameters in http://connect.qq.com/login, for details please see: QQ website access instructions. Note: the administrator needs to copy the meta information which is used to verify the site address to the related text box to the configuration web page.
- Second, click "Add the third party login configuration" on the "Third-party login configuration" web page to open a dialog, fill APP ID, APP KEY and callback domain(the same one which is used to get APP ID and APP KEY), click OK to finish the QQ account login configuration.
- At last, the administrator can view the configured QQ account login way on the "Third-party login configuration" web page, also can delete, edit and start/stop the login way.
- The service domain provided by the administrator for the users must be identical with the related callback domain on "Third-party login configuration" web page.
Configure Sina Weibo account login
- First, the iServer administrator needs to apply the App Key and App Secret parameters in http://open.weibo.com/index.php, for details please see: Website access instructions. Note: the administrator needs to copy the meta information which is used to verify the site address to the related text box to the configuration web page.
- Second, click "Add the third party login configuration" on the "Third-party login configuration" web page to open a dialog, fill App Key, App Secret and callback domain(the same one which is used to get App Key and App Secret), click OK to finish the Sina Weibo login configuration.
- At last, the administrator can view the configured Sina Weibo account login way on the "Third-party login configuration" web page, also can delete, edit and start/stop the login way.
- The service domain provided by the administrator for the users must be identical with the related callback domain on "Third-party login configuration" web page.
Configure WeChat account login
- First, create an application. Administrators apply for developer in WeChat Open Platform (https://open.weixin.qq.com), After completing the registration and passing the qualification audit, select "Management Center" > "Website Application" > "Create Website Application" to create the application, the specific operation process can be seen in detail: Introduction to Website Access.
- Second, complete the application information. Fill in the name of the application, domain name, callback address and other information, of which the "site name" needs to be strictly consistent with the name registered for the record, "callback address" needs to be filled out in the following format: http(s)://{IP}:{port}/{contextPath}/services/security/login/WX/callback. where ip can be an IP address or a domain name, and when using a domain name, the default port number for the http protocol is 80, and the default port number for the https protocol is 443. Specific examples are as follows: http(s)://{IP}:{port}/{contextPath}/services/security/login/WX/callback. Fill in the form and submit it to us and wait for the audit. After the audit is passed, you can check the App ID and App Secret of the corresponding apps in the app management.
- At last, Configure iPortal: Login to iPortal as administrator, click "Add Third Party Login Configuration" button on the "Third-party login configuration" page to open the Add Third Party Login Configuration dialog box:
- Login method: Select "WeChat Account Login".
- App ID (App Unique Identifier): Fill in the App ID of the app created in WeChat Open Platform.
- App Secret (App Key): fill in the App Secret of the app created on WeChat Open Platform.
- Callback domain name: the callback domain name here is different from the callback address in the second step, just fill in the IP or domain name, such as: iptl.supermap.io.
Click the "OK" button to complete the configuration of the WeChat account login method.
Log in with third-party accounts
After the configuration, you can use the service domain(callback domain) to access the login page, view all the configured login ways, and use the third-party account to login iPortal, iServer or iEdge. Below will introduce how to login iServer with QQ account.
Click the button QQ account login to pop up the login page, input the correct QQ account name and password. If it is the first time to use this login way, after clicking "Authorize and login", it will display the following dialog:
If you already have an iServer account, please click "binding iServer account" to bind QQ account and iServer account, next time you can use both of them to login iServer, and when you use the QQ account to login, it will grant you the same privileges with the iServer account role.
If you don't have an iServer account, or you don't want to bind iServer account and QQ account, please click Immediate login button. The user name will be a random string which can be viewed in the user management page(http://localhost:8090/iserver/manager/security/users). Note: If you don't bind the two accounts at the first time, you can only use QQ account to login iServer later on, and only can access the service instances.