Setting up Single Sign On with the CHT
Instructions and schema for SSO Login by OIDC
To support authenticating users with Single Sign-On (SSO) credentials (instead of CHT-specific usernames/passwords), the CHT can integrate with an external authorization server that supports the OpenID Connect (OIDC) protocol. Configure the OIDC Provider connection settings under the `oidc_provider` key:

`app_settings.json` `.oidc_provider`
| property | type | required | description |
|---|---|---|---|
| `client_id` | String | yes | The unique key identifying your CHT application in your OIDC Provider. |
| `discovery_url` | String | yes | The URL to the `.well-known` OIDC configuration discovery endpoint for your OIDC Provider. Must be HTTPS unless `allow_insecure_requests` is `true`. |
| `allow_insecure_requests` | Boolean | no | Optional configuration (NOT for production use). If `true`, the `discovery_url` can use the HTTP protocol (instead of HTTPS). Default is `false`. |
When using SSO Login, the `app_url` setting must also be defined. Also, your CHT application's client secret from the OIDC Provider must be securely configured in your CHT instance with the Credentials API using the key `oidc:client-secret`.

Only users with the `oidc_username` property can log in with SSO.
The definition takes the typical form below:
```json
"oidc_provider": {
  "client_id": "60f18991-1eae-4825-a579-44190cbbe51d",
  "discovery_url": "https://my.oidc-provider.org/realms/master/.well-known/openid-configuration"
},
"app_url": "https://my.cht.org"
```
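A pre-deployment check for the rules above, as an added example that is not part of the CHT code base. The function name `checkOidcSettings` is hypothetical, the sample settings are constructed, and flagging any key whose name contains "secret" is an assumption based on the requirement that the client secret be stored through the Credentials API.

```javascript
// Added example, not CHT code: lint the SSO keys of an app_settings.json object.
function checkOidcSettings(settings) {
  const findings = [];
  const oidc = settings.oidc_provider;
  if (!oidc || typeof oidc !== 'object') {
    return ['oidc_provider is missing'];
  }
  const isNonEmptyString = (v) => typeof v === 'string' && v.trim() !== '';
  if (!isNonEmptyString(oidc.client_id)) {
    findings.push('oidc_provider.client_id is required');
  }
  // allow_insecure_requests is optional and defaults to false.
  const insecure = oidc.allow_insecure_requests === true;
  if (insecure) {
    findings.push('allow_insecure_requests is true (not for production use)');
  }
  // discovery_url must be HTTPS unless allow_insecure_requests is true.
  if (!isNonEmptyString(oidc.discovery_url)) {
    findings.push('oidc_provider.discovery_url is required');
  } else {
    let protocol = null;
    try {
      protocol = new URL(oidc.discovery_url).protocol;
    } catch (err) {
      findings.push('oidc_provider.discovery_url is not a valid URL');
    }
    const allowed = protocol === 'https:' || (protocol === 'http:' && insecure);
    if (protocol && !allowed) {
      findings.push('oidc_provider.discovery_url must use HTTPS');
    }
  }
  // SSO login also requires app_url.
  if (!isNonEmptyString(settings.app_url)) {
    findings.push('app_url must be defined when using SSO login');
  }
  // Assumption: a key named like a secret is a mistake, because the client
  // secret belongs in the Credentials API under oidc:client-secret.
  for (const key of Object.keys(oidc)) {
    if (/secret/i.test(key)) {
      findings.push(`oidc_provider.${key} looks like a secret; keep it out of app settings`);
    }
  }
  return findings;
}
// Constructed sample: plain-HTTP discovery URL, inline secret, no app_url.
const constructedBadSettings = {
  oidc_provider: { client_id: 'example', discovery_url: 'http://idp.example/x', client_secret: 'placeholder' },
};
console.log(checkOidcSettings(constructedBadSettings));
```

An empty array means the settings satisfy every rule on this page; run it against the parsed `app_settings.json` before uploading the configuration.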