Identity Providers
Pocket ID SSO
Configure Pocket ID Single Sign-On using OpenID Connect
The following steps will integrate Pocket ID with Pangolin SSO using OpenID Connect (OIDC).
After you have created the OIDC Client, take note of the following fields from the top of the page (click “Show more details” to see all of them):
When you’re done, click “Create Identity Provider”! Then, copy the Redirect URL in the “General” tab as you will now need this for your Pocket ID OIDC client.
Prerequisites
Before you can start, you’ll need to have Pocket ID accessible and ensure it’s not secured with Pangolin SSO.Creating an OIDC Client in Pocket ID
In Pocket ID, create a new OIDC Client.1
Set Name
Set the name to something memorable (eg. Pangolin).
2
Configure Callback URL
Set “Callback URLs” to
https://<your-pangolin-domain>/auth/idp/<idp-id>/oidc/callback.3
Keep Defaults
All other values can be kept as default.
The callback URL is displayed in the IdP settings after you create the IdP in Pangolin.
- Client ID
- Client secret
- Authorization URL
- Token URL
Configuring Identity Providers in Pangolin
In Pangolin, go to the Server Admin section. Select “Identity Providers” before proceeding with the “Add Identity Provider” button. Name should be set to something memorable (eg. Pocket ID). The Provider Type should be set to the defaultOAuth2/OIDC.
OAuth2/OIDC Configuration (Provider Credentials and Endpoints)
In the OAuth2/OIDC Configuration, you’ll need the following fields:The Client ID from your Pocket ID OIDC client.
The Client secret from your Pocket ID OIDC client.
The Authorization URL from your Pocket ID OIDC client.
The Token URL from your Pocket ID OIDC client.
Token Configuration
You should leave all of the paths default. In the Scopes field, addopenid profile email.
Set the Identifier Path to “preferred_username” for Pocket ID integration.