Hi Morten,
Thanks for your reply. We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice. We’ll experiment with LDAP instead, and see where we wind up! One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game… Kind Regards, *Jason Phillips* [image: hisp] *Information Systems / Infrastructure* *Health Information Systems Program____________________________________* This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclai...@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer. *From:* Morten Olav Hansen [mailto:mor...@dhis2.org] *Sent:* Sunday, 06 August 2017 7:49 PM *To:* Jason Phillips <ja...@hisp.org> *Cc:* DHIS 2 Users list <dhis2-users@lists.launchpad.net> *Subject:* Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2 Hi Jason Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token). We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that's not something that is coming soon. -- Morten Olav Hansen Senior Engineer, DHIS 2 University of Oslo http://www.dhis2.org On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips <ja...@hisp.org> wrote: Greetings, community! HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication. Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so? The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location. Any advice, comments, suggestions or guidance would be most welcome. Kind Regards, *Jason Phillips* [image: hisp] *Information Systems / Infrastructure* *Health Information Systems Program____________________________________* eMail: ja...@hisp.org Tel/Fax: +27 21 712 0170 <+27%2021%20712%200170> Cell: +27 72 973 7250 <+27%2072%20973%207250> Skype: jason.n.phillips This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclai...@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer. [image: cid:image002.jpg@01D2F4CE.CFC9B9B0] See the conference website <https://www.ehealthalive.org/> for more information! *This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer <http://www.hisp.org/policies.html#comms_disclaimer>. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclai...@hisp.org <disclai...@hisp.org> and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.* _______________________________________________ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp -- *This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer <http://www.hisp.org/policies.html#comms_disclaimer>. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclai...@hisp.org <disclai...@hisp.org> and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.*
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp
