By: Vladislav Lvov user 19 Dec 2020 at 8:14 a.m. CST

2 Responses
Hello! We are developing a pilot project, and Gluu Server plays an important part in it. Our task is to provide users with access from Active Directory to different web services (https://www.bitrix24.com/ - CRM, https://guacamole.apache.org/ - remote desktop). This is how I imagine this task:

- we have AD - a credential store (at the testing stage we are using OpenDJ integrated in Gluu and locally created users).
- we have Bitrix and Guacamole (applications which AD users want to get access to).
- we have Gluu Server (+ Casa), which might be connected with Bitrix and Guacamole via OpenID.

Now we've got Gluu (https://gluu.ooovlo.ru) and Bitrix (https://bitrix.ooovlo.ru) installed in the cloud. I created several users in Gluu (user1, user2). Also I created an OpenID client (OpenID - Clients - OPENID CONNECT CLIENTS DETAILS):

- Name: Bitrix
- Client ID: 9eba2e42-f143-4089-b3a5-4c648f5e8997
- Subject Type: pairwise
- ClientSecret: XXXXXXXXXXX
- Application Type: web
- Persist Client Authorizations: true
- Pre-Authorization: false
- Authentication method for the Token Endpoint: client_secret_basic
- Logout Session Required: false
- Include Claims In Id Token: false
- Disabled: false
- Login Redirect URIs: [https://bitrix.ooovlo.ru]

This is how I want to get it to work: user1 logs in via Casa, then this user gets a new account created in Bitrix, where no password is required. Unfortunately Bitrix24 is a specific product with no user guide or particular instructions on how to connect it via OpenID. There are only two fields where I can set App ID and App secret. (Screenshot and log attached.) I don't have much experience with Gluu and OpenID. Could you please advise how to connect these two services with each other? If you need logs, configs or access to my servers, I can provide you with anything you need. Just let me know if I can be of any assistance from my side. Here are the log and screenshot: https://dropmefiles.com/NvbX3

By Michael Schwartz Account Admin 20 Dec 2020 at 2:07 p.m. CST

Vlad, I really have no idea. Is Bitrix not open source? I couldn't find the code. It's hard to say what flow they are using if they only ask for client_id and secret. Just a few guesses: change the subject_type to public and map the username (instead of inum). As they are not asking for any specific claims or OpenID scopes, they must be using the subject identifier to correlate the user. You might contact Bitrix and ask them how to configure their application as an RP. If you figure out the answer, please post it here to help other users!
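The reply above hinges on two things an RP that only asks for a client ID and secret must be doing: authenticating at the token endpoint with `client_secret_basic`, and correlating the user purely on the `sub` claim of the ID token, which is why a pairwise subject type yields an opaque per-client value while a public subject type can carry the username. The following Python is an added illustration of that RP-side logic, not Bitrix24 or Gluu code: the issuer, client ID and redirect URI are the constructed values from the thread, the client secret is a placeholder, the authorization endpoint path is an assumption, and the HS256 signing stands in for the OP so the block runs offline.

```python
"""RP-side pieces of an OpenID Connect Authorization Code flow: the
authorization request, client_secret_basic authentication at the token
endpoint, ID token verification and account correlation by `sub`.
Added example, not Bitrix24 or Gluu code; endpoint path is an assumption."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import quote, urlencode

# Constructed values mirroring the thread's setup; the secret is a placeholder.
ISSUER = "https://gluu.ooovlo.ru"
AUTHZ_ENDPOINT = ISSUER + "/oxauth/restv1/authorize"  # assumed OP path
CLIENT_ID = "9eba2e42-f143-4089-b3a5-4c648f5e8997"
CLIENT_SECRET = "PLACEHOLDER-CLIENT-SECRET"
REDIRECT_URI = "https://bitrix.ooovlo.ru"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_authorization_url(state: str, nonce: str) -> str:
    """Scope `openid` is what turns a plain OAuth request into OIDC."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid",
              "state": state, "nonce": nonce}
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def client_secret_basic_header() -> str:
    """RFC 6749 s2.3.1: form-urlencode id and secret, then HTTP Basic."""
    creds = quote(CLIENT_ID, safe="") + ":" + quote(CLIENT_SECRET, safe="")
    return "Basic " + base64.b64encode(creds.encode()).decode()


def sign_id_token(claims: dict, secret: str) -> str:
    """HS256 ID token keyed with the client secret (stands in for the OP)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_id_token(token: str, secret: str, nonce: str, now: Optional[float] = None) -> dict:
    """Checks the RP must do before trusting `sub`: alg, signature, iss, aud, exp, nonce."""
    h64, p64, s64 = token.split(".")
    if json.loads(b64url_decode(h64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never take it from the token
    expected = hmac.new(secret.encode(), f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if CLIENT_ID not in aud:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims


def is_valid_id_token(token: str, secret: str, nonce: str, now: float) -> bool:
    try:
        verify_id_token(token, secret, nonce, now)
        return True
    except ValueError:
        return False


def link_account(accounts: dict, claims: dict) -> dict:
    """Correlate on (iss, sub) only; first login creates a passwordless local account."""
    key = (claims["iss"], claims["sub"])
    if key not in accounts:
        accounts[key] = {"login": claims["sub"], "password": None}
    return accounts[key]


def subject_for(username: str, subject_type: str) -> str:
    """Constructed illustration: a pairwise sub is an opaque per-client value,
    a public sub can carry the username once the OP maps it that way."""
    if subject_type == "public":
        return username
    return hashlib.sha256(f"{REDIRECT_URI}|{username}|constructed-salt".encode()).hexdigest()


def demo(subject_type: str, now: float = 1_700_000_000.0) -> str:
    """Runs issue -> verify -> link for user1 and returns the local login it produced."""
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": subject_for("user1", subject_type),
              "iat": now, "exp": now + 300, "nonce": "n-1"}
    token = sign_id_token(claims, CLIENT_SECRET)
    return link_account({}, verify_id_token(token, CLIENT_SECRET, "n-1", now))["login"]


if __name__ == "__main__":
    print(build_authorization_url("s-1", "n-1"))
    print("pairwise ->", demo("pairwise"))
    print("public   ->", demo("public"))
```

Running `demo("pairwise")` produces a 64-character opaque login, while `demo("public")` produces `user1`; that difference is exactly why the suggestion to switch the subject type to public and map the username matters for an RP that creates accounts from `sub` alone. Gluu issues RS256 ID tokens by default, so a real RP would verify against the OP's JWKS rather than the client secret; the remaining checks (issuer, audience, expiry, nonce) are the same.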

By Aliaksandr Samuseu staff 22 Dec 2020 at 5:47 p.m. CST

Hey, Vladislav. Sorry, but it seems like your sharing link is dead, and I can't get the files from there again. That may be fine, as I would like to ask you to gather the data again, following these steps:

1. Log in to the web UI
2. Go to "Configuration -> JSON Configuration -> oxAuth Configuration"
3. Find the "loggingLevel" property and set it to "TRACE"
4. Click the "Save configuration" button below

We also would need a network trace of your attempt at using OpenID with Bitrix, presented as a HAR file. You can use the steps listed [here](https://www.inflectra.com/support/knowledgebase/kb254.aspx) - please use Firefox for that task, Chrome's HARs are flawed. Also don't forget to set the "Persist log" and "Disable cache" checkboxes in the console to save everything, not just the recently loaded page. So you'll need to run the flow while collecting the network trace data, export it as HAR, and share it with us together with `/opt/gluu/jetty/oxauth/logs/oxauth.log`.
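A HAR captured while running the flow contains every request the browser made, including session cookies and the Basic authorization header the RP sends to the token endpoint, so it is worth knowing which entries matter before sharing the file. The Python below is an added example, not Gluu tooling: it picks out the requests to the OP's authorize/token/userinfo endpoints and the callback to the RP, reports how the client authenticated and any `error` the OP returned, and redacts codes, tokens and secrets. The embedded HAR fragment is constructed, with made-up hosts and values.

```python
"""Triage an OpenID Connect attempt captured as a HAR file: pull out the
requests to the OP's authorize/token/userinfo endpoints and the redirect
back to the RP, report how the client authenticated and any error, and
redact secrets before the file is shared.  Added example, not Gluu tooling."""
import json
from urllib.parse import parse_qs, urlparse

OP_PATH_MARKERS = ("/authorize", "/token", "/userinfo", "/end_session")
SECRET_PARAMS = {"client_secret", "code", "id_token", "access_token", "refresh_token"}


def _first_values(qs: str) -> dict:
    return {k: v[0] for k, v in parse_qs(qs).items()}


def _header(headers: list, name: str) -> str:
    for h in headers:
        if h["name"].lower() == name:
            return h["value"]
    return ""


def _redact(params: dict) -> dict:
    return {k: ("<redacted>" if k in SECRET_PARAMS else v) for k, v in params.items()}


def is_oidc_entry(entry: dict, redirect_uri: str) -> bool:
    url = urlparse(entry["request"]["url"])
    if any(url.path.endswith(m) for m in OP_PATH_MARKERS):
        return True
    # The RP callback carries code+state or error in its query string
    q = _first_values(url.query)
    return entry["request"]["url"].startswith(redirect_uri) and ("code" in q or "error" in q)


def summarize_entry(entry: dict) -> dict:
    req, resp = entry["request"], entry["response"]
    url = urlparse(req["url"])
    query = _first_values(url.query)
    post = _first_values(req.get("postData", {}).get("text", ""))
    if _header(req.get("headers", []), "authorization").lower().startswith("basic "):
        client_auth = "client_secret_basic"
    elif "client_secret" in post:
        client_auth = "client_secret_post"
    else:
        client_auth = "none"
    # Errors come back either in the redirect Location or in a JSON token response
    location = _header(resp.get("headers", []), "location")
    error = _first_values(urlparse(location).query).get("error") or query.get("error")
    body = resp.get("content", {}).get("text", "")
    if not error and body.lstrip().startswith("{"):
        try:
            error = json.loads(body).get("error")
        except ValueError:
            error = None
    return {"method": req["method"], "url": url._replace(query="").geturl(),
            "status": resp["status"], "client_auth": client_auth,
            "query": _redact(query), "post": _redact(post), "error": error}


def triage_har(har: dict, redirect_uri: str) -> list:
    return [summarize_entry(e) for e in har["log"]["entries"] if is_oidc_entry(e, redirect_uri)]


# Constructed HAR fragment: authorize redirect, a failing token call and an unrelated asset
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "headers": [],
                 "url": "https://op.example/oxauth/restv1/authorize?response_type=code&client_id=c1&scope=openid&state=s1"},
     "response": {"status": 302, "content": {},
                  "headers": [{"name": "Location", "value": "https://rp.example/?code=abc123&state=s1"}]}},
    {"request": {"method": "POST", "url": "https://op.example/oxauth/restv1/token",
                 "headers": [{"name": "Authorization", "value": "Basic YzE6c2VjcmV0"}],
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "grant_type=authorization_code&code=abc123&redirect_uri=https%3A%2F%2Frp.example%2F"}},
     "response": {"status": 400, "headers": [],
                  "content": {"text": "{\"error\":\"invalid_grant\",\"error_description\":\"constructed\"}"}}},
    {"request": {"method": "GET", "url": "https://rp.example/favicon.ico", "headers": []},
     "response": {"status": 200, "headers": [], "content": {}}},
]}}

if __name__ == "__main__":
    for row in triage_har(SAMPLE_HAR, "https://rp.example/"):
        print(json.dumps(row))
```

Pointing `triage_har` at a real export (`json.load(open("trace.har"))` with the RP's redirect URI) yields one line per OIDC-relevant request; the `client_auth` column confirms whether the RP really uses `client_secret_basic` as the Gluu client is configured for, and `error` surfaces the OP's response without having to scroll the whole capture.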