Integration

Configuring Single Sign-On (SSO) using Google OAuth2

Single Sign-On (SSO) is a user authentication method that enables access to multiple applications using a single set of credentials. Integrating SSO enhances user experience and reduces the overhead of managing multiple usernames and passwords across platforms. This document outlines the steps to configure SSO in OvalEdge using Google OAuth2.

Purpose

The purpose of this document is to provide a step-by-step guide for configuring Google OAuth2 as the identity provider for SSO in OvalEdge. This includes creating a Google project, generating OAuth credentials, and updating the configuration files within the OvalEdge environment.

Process Overview

  1. Create a project in the Google Developer Console.
  2. Configure OAuth 2.0 credentials and consent screen.
  3. Obtain the Client ID and Client Secret.
  4. Configure OAuth2 parameters in the OvalEdge application.
  5. Set Tomcat runtime environment variables.
  6. Restart the OvalEdge application server.

Prerequisites

  1. Access to Google Cloud Console
  2. Admin privileges in the OvalEdge application server
  3. Valid domain name and redirect URL for OvalEdge (e.g., https://<your-domain>/ovaledge/oauth2/code/google)
  4. Access to modify the oasis.properties file

Configuration Steps

1. Create a Project in Google Cloud Console

  1. Navigate to: https://console.developers.google.com
  2. Click the Open project picker in the top navigation bar.
  3. Select the Resource and click on New Project.
  4. Enter a Project Name and click Create.
  5. After creation, click Select Project to open the newly created project.

2. Enable OAuth2 and Configure Consent Screen

  1. Navigate to APIs & Services > Credentials.
  2. Click + CREATE CREDENTIALS and select OAuth client ID.
  3. Click on Configure consent screen.
  4. Click on the Create button to create a new consent screen.
  5. Click on Getting Started.
  6. Provide App Name and Support Email. Click on the Next button.
  7. Choose Internal as the user type (recommended for organizations).
  8. Add the Contact Email address and click on the Next button.
  9. Select the checkbox for I agree… and click on the Continue button.
  10. Once the tick mark is enabled for App Information, Audience, Contact Information, and Finish, click on the Create button and navigate back to the Dashboard.

3. Create OAuth Client ID

  1. From the Credentials tab, click + CREATE CREDENTIALS > OAuth client ID.
  2. Choose Application type as Web application.
  3. Enter a Name (e.g., OvalEdgeSSO).
  4. Under Authorized JavaScript origins, add:
    https://<your-domain>
  5. Under Authorized redirect URIs, add:
    https://<your-domain>/ovaledge/oauth2/code/google
  6. Click Create.
  7. Copy the Client ID and click on the OK button.
  8. Navigate to Clients and click on the OAuth 2.0 Client ID.
  9. From the Additional Information section, copy the Client ID and Client Secret. These will be used in the OvalEdge configuration.

4. Update OvalEdge Configuration

  • Edit the oasis.properties file and add the following lines:

    spring.security.oauth2.client.registration.google.clientId=<Your-Client-ID>
    spring.security.oauth2.client.registration.google.clientSecret=<Your-Client-Secret>

5. Enable OAuth2 in the OvalEdge Server

  • Set the VM argument to enable OAuth2: -DOVALEDGE_SECURITY_TYPE=oauth2

A. For Windows (Tomcat):

  1. Navigate to the Tomcat/bin directory.
  2. Create a file named setenv.bat and add the following line:

    set CATALINA_OPTS=-DOVALEDGE_SECURITY_TYPE=oauth2

B. For Linux/Unix (Tomcat):

  1. Navigate to the Tomcat/bin directory.
  2. Create a file named setenv.sh and add the following line:

    export CATALINA_OPTS="-DOVALEDGE_SECURITY_TYPE=oauth2"

  Make the script executable:

    chmod +x setenv.sh

6. Restart the Server

  1. Restart the Tomcat server to apply the changes. Once the server is up, SSO using Google OAuth2 will be active for OvalEdge.
  2. Navigate to the OvalEdge application.
  3. Click on the Continue with Google button.
  4. Choose a Google OAuth 2.0 account. The account details are validated, and the OvalEdge Home page appears on successful login.
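The script below is an added example, not part of OvalEdge's documentation or product. It checks the Linux files edited in steps 4 and 5: both properties are set and no longer placeholders, oasis.properties is not world-readable now that it holds the client secret, and setenv.sh carries the oauth2 flag. The script name, function names and the two file paths passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example (not OvalEdge code): verify the files edited in steps 4 and 5.
# Usage: sh check_sso.sh <path/to/oasis.properties> <path/to/tomcat/bin/setenv.sh>
# Script name, function names and both paths are assumptions of this example.

PREFIX='spring.security.oauth2.client.registration.google'

# Print the value assigned to property $2 in file $1 (last assignment wins).
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

check_sso_config() {
    props=$1; setenv=$2; rc=0
    if [ ! -r "$props" ] || [ ! -r "$setenv" ]; then
        echo "FAIL: cannot read $props or $setenv"; return 2
    fi
    for key in clientId clientSecret; do
        val=$(prop_value "$props" "$PREFIX.$key")
        case $val in
            '')   echo "FAIL: $PREFIX.$key is missing or empty"; rc=1 ;;
            '<'*) echo "FAIL: $PREFIX.$key still holds the <...> placeholder"; rc=1 ;;
            *)    echo "ok:   $PREFIX.$key is set" ;;  # the value itself is never printed
        esac
    done
    # oasis.properties now stores the client secret: flag it if every local user can read it.
    if [ -n "$(find "$props" -prune -perm -004)" ]; then
        echo "FAIL: $props is world-readable; restrict it to the Tomcat service account"; rc=1
    else
        echo "ok:   $props is not world-readable"
    fi
    # The flag must be on a line that is not commented out.
    if grep -v '^[[:space:]]*#' "$setenv" | grep -q -e '-DOVALEDGE_SECURITY_TYPE=oauth2'; then
        echo "ok:   $setenv sets -DOVALEDGE_SECURITY_TYPE=oauth2"
    else
        echo "FAIL: $setenv does not set -DOVALEDGE_SECURITY_TYPE=oauth2"; rc=1
    fi
    # Mirrors the chmod +x step in section 5B.
    [ -x "$setenv" ] || { echo "FAIL: $setenv is not executable"; rc=1; }
    return $rc
}

if [ "$#" -eq 2 ]; then check_sso_config "$1" "$2"; fi
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when an input file cannot be read.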

Conclusion

Upon successful configuration, users will be able to log in to OvalEdge using their Google account credentials, streamlining authentication and access control across the application.


Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA USA