Using Google as your Single Sign-On Provider

If your institution uses Google as your Single Sign-On provider for READynamic, your users will be able to log on to READynamic with their Gmail accounts.

For OAuth2 to work with Google, you will need to edit the omniauth_configurations.yml configuration file. We describe this process later in this section.

To configure OAuth2 to work with Google, start by going to the Google Developer’s site. Visit:

https://console.developers.google.com

A Google Sign-on window appears. Log on to this developer dashboard. Any Gmail address will work, though you would probably want to use an address intended as an administrator account for your institution.

The Dashboard appears for Google APIs.

First, enable the Google+ API.

Click the Enable button at the top of the screen.

From the search field that appears, also at the top of the screen, type Google+ API. You don’t need to press ENTER. The option for the Google+ API appears.

Click the picture, and then click the Enable button to enable the API.

On the upper left side of the window, click Credentials.

Click the Create Credentials button. A drop-down list appears.

Select OAuth Client ID.

Select Web application.

Enter a name for the new Client.

Provide a web address for the “Authorized redirect URIs” field.  After Google authorizes a client for access, Google will direct the client back to this address for log on requests to READynamic. For READynamic, this is usually based on the URL for your customer portal. Your address should look something like this:

http://boxcollege.readynamic.com/auth/google_oauth2/callback

Click the Create button.

Google will show a result message for your new OAuth client:

Click OK.

A window appears where you can copy or edit values.

Google will automatically assign your new OAuth2 client a set of keys, a Client ID and a Client secret. See the example below.

Client ID 949077472828-hqoh5jova51dxrer7grm7k74b2c6jg18.apps.googleusercontent.com
Client secret 9CI-IkI_qZotHflIaGoq-Bmm

The Client ID is used with the customer’s OAuth2 service provider to identify the software product or service in use.

The Client secret is the security key used to identify the OAuth2 consumer with the customer’s service provider. The Single Sign-On service provider will provide this code.

You will need to copy these values and add them to the omniauth_overrides.YML configuration file included with your READynamic installation package.

omniauth_configurations.yml

Edit the parameter settings in the omniauth_overrides.YML configuration file.

Look for the settings for Google OAuth2 strategy:

  # Google OAuth2 strategy, uses the google_oauth2 gem
  google_oauth2:
    client_id: 
    secret: 
    redirect_uri: 

Copy the Client ID and client secret from your Google OAuth client and add them to these parameters in this YML file.

You also need to provide a web address for the redirect_uri value. This is the same web address you added to the “Authorized redirect URIs” field on the Create OAuth Client ID screen from the Google Console Developer’s Screen. Google will direct the client back to this address for log on requests to READynamic. For READynamic, this is usually based on the URL for your customer portal.

Your result should look something like this:

  # Google OAuth2 strategy, uses the google_oauth2 gem
  google_oauth2:
    client_id: 949077472828-hqoh5jova51dxrer7grm7k74b2c6jg18.apps.googleusercontent.com
    secret: 9CI-IkI_qZotHflIaGoq-Bmm
    redirect_uri: http://boxcollege.readynamic.com/auth/google_oauth2/callback

server_configuration_overrides.yml

You also need to edit two settings in the server_configuration_overrides.YML configuration file, enabled and redirect. Look for the content related to OmniAuth:

  # if enabled, omniauth initializer loads "config/omniauth.yml"
  # and makes configured omniauth strategies available via OMNIAUTH_CONFIG
  omniauth:
    enabled: true
    # true, if 'providers' route is supported.
    # This route shows all the omniauth providers configured in omniauth.yml.
    # Currently it is only enabled in ATB Pro
    providers: false

    # if login_strategy is enabled, portal's home will be redirected to "redirect" path
    login_strategy:
      enabled: true
      redirect: /auth/google_oauth2

Make sure that OmniAuth is enabled, and that a redirect path name is provided, like this:

      enabled: true
      redirect: /auth/google_oauth2
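
A consistency check over the two files edited above, as an added example that is not part of the READynamic package: it finds the google_oauth2 and login_strategy blocks wherever they are nested and reports empty values, a redirect_uri whose path is not the login redirect plus /callback, and a redirect_uri that uses plain http. The function names, the problem messages and the placeholder credentials are assumptions made for this example.

```ruby
require 'yaml'
require 'uri'

# Return the first hash stored under `key` at any depth; the page does not show
# the parent keys of these blocks, so the lookup does not assume them.
def find_block(node, key)
  return nil unless node.is_a?(Hash)
  return node[key] if node[key].is_a?(Hash)
  node.values.filter_map { |child| find_block(child, key) }.first
end

# Returns a list of problems; an empty list means the two files agree.
def check_google_sso(omniauth_yaml, server_yaml)
  google = find_block(YAML.safe_load(omniauth_yaml), 'google_oauth2') || {}
  login  = find_block(YAML.safe_load(server_yaml), 'login_strategy') || {}
  problems = %w[client_id secret redirect_uri]
             .select { |k| google[k].to_s.strip.empty? }
             .map { |k| "#{k} is empty" }
  id = google['client_id'].to_s
  unless id.empty? || id.end_with?('.apps.googleusercontent.com')
    problems << 'client_id does not look like a Google OAuth client ID'
  end
  uri = URI.parse(google['redirect_uri'].to_s.strip)
  # Over http, the redirect from Google carries the authorization code in cleartext.
  problems << 'redirect_uri is not https' if uri.scheme == 'http'
  # OmniAuth's callback route is the request path plus /callback.
  expected = "#{login['redirect']}/callback"
  unless uri.path == expected
    problems << "redirect_uri path #{uri.path.inspect} != #{expected.inspect}"
  end
  problems << 'login_strategy is not enabled' unless login['enabled'] == true
  problems
end

# Constructed sample input: placeholder credentials with the page's paths.
SAMPLE_OMNIAUTH = <<~YAML
  google_oauth2:
    client_id: 000000000000-example.apps.googleusercontent.com
    secret: EXAMPLE-SECRET
    redirect_uri: http://boxcollege.readynamic.com/auth/google_oauth2/callback
YAML
SAMPLE_SERVER = <<~YAML
  omniauth:
    enabled: true
    login_strategy:
      enabled: true
      redirect: /auth/google_oauth2
YAML
puts check_google_sso(SAMPLE_OMNIAUTH, SAMPLE_SERVER)
```

Whatever redirect_uri passes this check must still be entered character for character in the “Authorized redirect URIs” field, because Google compares the two values exactly.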