Where do I get the Client ID and Client Secret from for Google authentication?

Article #:

Product

Castle

KB-81

Connect for Chromebooks

Google Sign-In on SSL Login Pages

Glamis onwards

Summary

When using Google verification with Connect for Chromebooks or the Google Sign-In button on SSL / non-SSL login pages, the Smoothwall must submit a valid client ID and secret in order to communicate with Google OpenAuth (OAuth) servers. This communication is to confirm that a user is indeed who they say they are.

You create the client ID and client secret in the Google Developer Console.

Solution

Note: Disclaimer: The following instructions are correct at the time of writing. Google feature names and links may change over time.

  1. Go to https://console.developers.google.com and log in as an admin user.

If it is the first time you login as a new user you will be prompted to accept the Google terms and conditions.

  1. Create a new project:
    1. Click > IAM & Admin
    2. Underneath the IAM & Admin heading, click All Projects (Note that you may see <your_domain_name> projects instead).
    3. Click CREATE PROJECT.
  2. Enter a suitable Project Name, for example, Smoothwall Login.
  3. Click CREATE.
  4. Go to >API Manager > Credentials.
  5. From the APIs Credentials panel, click Create credentials > OAuth client ID.
  6. If a consent screen has not been configured previously, click Configure consent screen. otherwise, skip to step 8.

The consent screen is shown to users whenever permission is needed to access their data, for example:

a. Select the OAuth consent screen tab.
b. From the drop-down list, select the Email address of the relevant administrator.
c. Enter the project name created in step 3 to Product name shown to users.
d. Configure all other options as required, and click Save.

You are returned to the Credentials page.

  1. Choose an Application type of Web application.
  2. Configure an appropriate Name for the credentials web application, for example, Smoothwall Login.
  3. Authorized JavaScript origins — This tells Google to only accept OpenAuth (OAuth) requests from this host. Enter the URL of the Smoothwall appliance’s hostname, suffixed with port 442.

Tip: The URL used must be the hostname of the Smoothwall which Chromebooks will resolve via DNS. If Chromebook Authentication is to be configured for external off-site access, the URL must have a public DNS record which resolves to the Smoothwall's external IP address.

a. If you are creating this project for Connect for Chromebooks, or for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:

https://proxy.smoothtest.com:442

b. If you are creating this project for non-SSL login pages, enter a HTTP version of the Smoothwall URL without the port number, for example:

http://proxy.smoothtest.com

c. If you are creating this project for all three scenarios (Connect for Chromebooks, SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:

  1. Authorized redirect URI — Once the credentials have been verified, this is the URL the Smoothwall will use to communicate with Google. Use the Smoothwall appliance hostname and port number configured for Authorized JavaScript origins, with oauth2callback as the path.
a. If you are creating this project for Connect for Chromebooks or for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:

https://proxy.smoothtest.com:442/oauth2callback

b. If you are creating this project for non-SSL login pages, enter a HTTP version of the Smoothwall URL without the port number, for example:

http://proxy.smoothtest.com/oauth2callback

c. If you are creating this project for all three scenarios (Connect for Chromebooks, SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:

  1. Click Create.

The OAuth client credentials, in the form of the Client ID and Client Secret, are returned. Make a note of these as the Smoothwall needs them to communicate with Google.

Tip: If required, you can access this information again on the Google Developers console > Credentials page.

  1. You enter the Client ID and Client Secret into the Smoothwall administration user interface:
    1. Customers running Kenilworth or above, this is the Services > Authentication > Google page — go to our help topic Using Google™ Credentials.
    2. Customers running Inverness, this is the Services > Authentication > Google page — go to our help topic Using Connect for Chromebooks.
    3. Customers running Hearst or earlier, this is the Services > Authentication > Chromebook page — go to our help topic Using Connect for Chromebooks.

 

What's Left To Do to setup Connect for Chromebooks?

 

What's Left To Do to Setup Google Sign-In on SSL Login Pages

Attribution:

Last updated:

Original Author:

Contributions by:

9th May 2017

Tanja Ehrhardt

Samantha Nair

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.