Skip to main content

Single Sign-On (SSO) Configuration

Stirling PDF allows login via Single Sign-On (SSO) using OAUTH2 OpenID Connect (OIDC) These are

  • oauth2.enabled Set this to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
  • oauth2.issuer Set this to any provider that supports OpenID Connect Discovery /.well-known/openid-configuration end-point
  • oauth2.clientId Client ID from your provider
  • oauth2.clientSecret Client Secret from your provider
  • oauth2.autoCreateUser Set this to 'true' to allow auto-creation of non-existing users

The Callback URL (Redirect URL) for entering in your IdP is: https://<striling-pdf.yourdomain>/login/oauth2/code/<oidc-provider> eg https://<striling-pdf.yourdomain>/login/oauth2/code/keycloak

It is highly recommended to use a SSL-enabled reverse-proxy, if the application is going to be exposed to the internet.

After the OAUTH2 login is enabled, a new button shows up on the login page as per the screenshot below:

image

Configurations Examples

security:
  enableLogin: true # set to 'true' to enable login
  oauth2:
    enabled: false # set to 'true' to enable SSO login
    issuer: "" # OpenID Connect Discovery endpoint
    clientId: "" # Client ID from your provider
    clientSecret: "" # Client Secret from your provider
    autoCreateUser: false # auto-creation of users

Disable Form Login

Once you successfully enabled Single Sign-on (with OAuth2 or SAML), you might want to disable the form login. This can be done by changing the loginMethod setting accordingly to your needs, like so:

Configurations Examples

security:
  ...
  loginMethod: oauth2 # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only