Authentication Setup

GitHub OAuth Setup

OvalEdge is a data catalog that creates a comprehensive compilation of all the data sources in an organization for better access and analysis of data. The OvalEdge application can be accessed with the regular user credentials provided by the OvalEdge administrator team or it can be accessed through the GitHub user credentials. Here the user having access to GitHub can also access the OvalEdge through OAuth Configuration. 

To access the OvalEdge application through GitHub, the following tasks needs to be completed:

  1. Create an OAuth App in the GitHub application
  2. Configure the OAuth App in the GitHub application
  3. Configure the OAuth Properties in the OvalEdge application
  4. Enable the OAuth authentication in the OvalEdge application
  5. Access to OvalEdge application through GitHub
Let us see all the above tasks in detail. 

Creating an OAuth App

To create an OAuth App in the GitHub application, complete the following steps:

  • Enter the GitHub web address (https://github.com/) in the web browser, the GitHub home page is displayed.
  • In the GitHub home page, click on the Sign In button. The Sign in GitHub page is displayed.
  • In the Sign in GitHub page, enter the required username or email address and password in the respective Username or email address and Password fields. 
  • Click on the Sign In button, the entered user credentials are validated and the GitHub home page is displayed.

Note: If the entered user credentials are not valid, then an appropriate error message is displayed.

  • In the GitHub home page at the header menu click on the User Profile icon, the user profile settings dropdown is displayed.
  • In the user profile settings dropdown, select the Settings option. The Public profile home page is displayed.
  • In the public profile home page, click on the Public email field. The email address associated with the logged in user is displayed in the Public email field. If the email address of the logged in user is not displayed in the Public email field, then click on the email setting hyperlink. The Emails page is displayed.
  • In the Emails page uncheck the “Keep my email addresses private” checkbox. Here the system will automatically update the email settings and set the user email address as public. 
  • To verify the email address as public, click on the Profile link. The Public Profile main page is displayed.
  • In the Public profile page, click on the Public email field. The email address associated with the logged in user is displayed in the dropdown.
  • Select the email address from the Public email dropdown list and set it as public.

Note: By default, the First Name and Last Name of the logged in user is displayed in the Name field. If the name is not displayed, enter the First Name and Last Name of the user.

  • In the Public profile page at the left menu, click on the Developer Setting link. The Developer Settings home page is displayed.
  • In the Developer Settings page, click on the OAuth Apps link. The OAuth Apps section is displayed on the right section of the page.
  • In the OAuth Apps section, click on the New OAuth App button. The Register a new OAuth application page is displayed.
  • In the Register a new OAuth application page, enter the following details:
    • Enter the name of the in the Application Name textbox. Example: OvalEdge
    • Enter the homepage url of the application in the Homepage URL textbox. Example: http://localhost:8080/ovaledge 
    • Enter the description of the application in the Application description textbox. Example: OvalEdge OAuth
    • Enter the authorization callback url in the Authorization callback URL textbox. Example: http://localhost:8080/ovaledge 

Note: All the mandatory fields in the Register a new OAuth application page are notified with a "*", without entering the details in the mandatory fields, if the user clicks on the Register application button, an appropriate error message is displayed. 

  • After entering the details in the required fields, click on the Register application button, the newly created application page is displayed.
  • In the newly created application page, verify the Client ID and Client secrets and capture the Client details, these details will be used in the OAuth Properties configuration. 
  • If the Client secrets are not available, click on the Generate a new client secret button. The Client secrets textbox is displayed.
  • In the Client secrets textbox, enter the required client secrets code and click on the Generate a new client secret button. The entered client secrets code is generated and the newly created application page is displayed.
  •  After verifying the Client ID and Client secrets details, click on the Update application button. The application updated successfully message will be displayed.

Configuring OAuth Properties

To configure the OAuth Properties in the OvalEdge Application, complete the following steps.

  • Open the “ovaledge.war” file and access the below path in the tomcat server:
    apache-tomcat-8.5.38\webapps\ovaledge\WEB-INF\classes\oasis.properties
  • In tomcat server, navigate to the “classes” folder and modify the oasis properties as mentioned below:

Existing Properties

spring.security.oauth2.client.registration.google.clientId=clientId

spring.security.oauth2.client.registration.google.clientSecret=clientSecret

spring.security.oauth2.client.registration=google

Modified Properties

spring.security.oauth2.client.registration.github.clientId=clientId

spring.security.oauth2.client.registration.github.clientSecret=clientSecret

spring.security.oauth2.client.registration=github

spring.security.oauth2.client.registration.github.orgs=<Organization Name>

spring.security.oauth2.client.registration.github.scopes=user:email,read:org
  • Enter the Client ID and Client secrets captured from the newly created application page of the GitHub in the respective clientId and clientSecret values.

Note: 

  1. The oasis properties path varies from one Client to another Client, if the Client provides the external path for the oasis properties file, then the user should access the respective external path and modify the oasis properties.
  2. The spring.security.oauth2.client.registration.github.orgs should be provided with the organization names configured at the GitHub. Here multiple organization names can be included with comma separated values and the organization names provided under this property will be validated against the configured GitHub organization names. 
  3. The spring.security.oauth2.client.registration.github.scopes should be provided with the user:email and read:org scopes to read the primary email address and organization details from GitHub.

Enable OAuth Authentication 

To enable the OAuth Authentication in the OvalEdge Application, complete the following steps.

  • Navigate to tomcat bin folder and create or update the bat file with below command
    • Windows: 
Update the setenv.bat to set CATALINA_OPTS="-DOVALEDGE_SECURITY_TYPE=oauth2"
    • Linux:
Update the setenv.sh to export CATALINA_OPTS="-DOVALEDGE_SECURITY_TYPE=oauth2"
  • Once after updating the .bat or .sh files, restart the OvalEdge application. 

Accessing the OvalEdge application

To access the OvalEdge application through GitHub, navigate to the OvalEdge Sign In screen, the new option Continue with GitHub is displayed.

In the OvalEdge Sign In screen, click on the Continue with GitHub, the Sign In to GitHub login screen is displayed. Here the user can provide the required GitHub credentials and access the OvalEdge application.