We’re happy to announce the availability of Moqui SSO. This new feature is for anyone looking to add new login options to Moqui. The new Moqui SSO component supports the following protocols:
- OAuth
- OpenID Connect
- SAML
How to enable Moqui SSO?
You can enable SSO by following these 2 simple steps:
- Get the SSO component
./gradlew getComponent -Pcomponent=moqui-sso
- Load the seed data (pick the flow you wish to enable and replace every XXXXXX placeholder with your own values):
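<entity-facade-xml>
  <!--
    Seed data that registers three sign-in flows: Keycloak (OpenID Connect),
    GitHub (OAuth) and Duo (SAML). Keep only the flow(s) you want to enable.
    Every XXXXXX is a placeholder. Once real values are filled in, this file
    holds client secrets and keystore passwords, so keep the filled-in copy out
    of version control and restrict who can read it.
    NOTE(review): defaultUserGroupId is presumably the group assigned to users
    who sign in through a flow. Confirm, and check that ALL_USERS carries only
    the permissions every federated identity should receive.
  -->

  <!-- Keycloak through OpenID Connect. -->
  <moqui.security.sso.AuthFlow authFlowId="Keycloak" authFlowTypeEnumId="AftOidc"
      description="Keycloak" defaultUserGroupId="ALL_USERS" sequenceNum="1" iconName="security">
    <!-- Client credentials, realm and base URI come from your Keycloak client registration. -->
    <oidc clientTypeEnumId="OctKeycloak" clientId="XXXXXX" secret="XXXXXX" realm="XXXXXX"
        baseUri="XXXXXX" preferredJwsAlgorithmEnumId="OjaRS512"/>
    <!--
      Maps the identity-provider role ADMIN to the Moqui user group ADMIN.
      NOTE(review): presumably anyone granted that role at the identity provider
      becomes a Moqui administrator. Limit who can assign the role there.
    -->
    <roleMaps roleName="ADMIN" userGroupId="ADMIN" roleTypeId="Employee"/>
    <!-- Copy claims into Moqui user fields. -->
    <fieldMaps ruleSeqId="01" srcFieldName="name" dstFieldName="userFullName"/>
    <fieldMaps ruleSeqId="02" srcFieldName="given_name" dstFieldName="firstName"/>
    <fieldMaps ruleSeqId="03" srcFieldName="family_name" dstFieldName="lastName"/>
    <fieldMaps ruleSeqId="04" srcFieldName="email" dstFieldName="emailAddress"/>
  </moqui.security.sso.AuthFlow>

  <!-- GitHub through OAuth. -->
  <moqui.security.sso.AuthFlow authFlowId="GitHub" authFlowTypeEnumId="AftOauth"
      description="GitHub" defaultUserGroupId="ALL_USERS" sequenceNum="2" iconName="globe">
    <!-- Client id and secret come from your GitHub OAuth application. -->
    <oauth clientTypeEnumId="OctGitHub" clientId="XXXXXX" secret="XXXXXX"/>
    <fieldMaps ruleSeqId="01" srcFieldName="name" dstFieldName="userFullName"/>
    <!--
      emailAddress is synthesized from the GitHub login plus a fixed domain. It
      is not an address verified by GitHub.
      NOTE(review): if the component links sign-ins to existing accounts by
      emailAddress, a synthesized value could coincide with a real account's
      address. Confirm how accounts are linked and replace the domain with one
      reserved for this purpose before using this rule.
    -->
    <fieldMaps ruleSeqId="02" srcFieldName="login" dstFieldName="emailAddress"
        dstFieldExpression="login + '@moqui.org'"/>
    <!--
      firstName is the first word of name, or the first two words when name has
      more than two words. lastName is whatever follows that prefix.
      The profile name is user-editable text. The lastName rule removes the
      prefix by length (substring) rather than with replaceFirst, because
      replaceFirst interprets its first argument as a regular expression and a
      name containing characters such as ( or * would then fail or match wrongly.
      NOTE(review): name may be absent for some GitHub accounts. Confirm how the
      component handles a missing source field.
    -->
    <fieldMaps ruleSeqId="03" srcFieldName="name" dstFieldName="firstName"
        dstFieldExpression="name.split(' ').length > 2 ? name.split(' ')[0] + ' ' + name.split(' ')[1] : name.split(' ')[0]"/>
    <fieldMaps ruleSeqId="04" srcFieldName="name" dstFieldName="lastName"
        dstFieldExpression="name.substring((name.split(' ').length > 2 ? name.split(' ')[0] + ' ' + name.split(' ')[1] : name.split(' ')[0]).length()).trim()"/>
  </moqui.security.sso.AuthFlow>

  <!-- Duo through SAML. -->
  <moqui.security.sso.AuthFlow authFlowId="Duo" authFlowTypeEnumId="AftSaml"
      description="Duo" defaultUserGroupId="ALL_USERS" sequenceNum="3" iconName="globe">
    <!--
      The keystore and private-key passwords protect the service provider's key
      material. Treat them like the client secrets above.
      NOTE(review): identityProviderMetadataLocation presumably determines which
      identity-provider certificates are trusted. Point it at a location you
      control or retrieve over an authenticated channel.
    -->
    <saml keystoreLocation="XXXXXX" keystorePassword="XXXXXX" privateKeyPassword="XXXXXX"
        serviceProviderEntityId="XXXXXX" identityProviderMetadataLocation="XXXXXX"/>
    <!-- Name is read with get(0), so it is treated as a list and its first entry is used. -->
    <fieldMaps ruleSeqId="01" srcFieldName="Name" dstFieldName="userFullName"
        dstFieldTypeEnumId="DftString" dstFieldExpression="Name.get(0)"/>
    <fieldMaps ruleSeqId="02" srcFieldName="email" dstFieldName="emailAddress"
        dstFieldTypeEnumId="DftString"/>
    <fieldMaps ruleSeqId="03" srcFieldName="first_name" dstFieldName="firstName"
        dstFieldTypeEnumId="DftString"/>
    <fieldMaps ruleSeqId="04" srcFieldName="last_name" dstFieldName="lastName"
        dstFieldTypeEnumId="DftString"/>
  </moqui.security.sso.AuthFlow>
</entity-facade-xml>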
Feel free to reach out to me with feedback or comments!