Google OpenID Setup¶
This guide walks through a basic setup allowing Google users to authenticate with your Kasm deployment.
Reference Docs:
Creating a Github OAuth App¶
Login to the Google Developer Console: https://console.developers.google.com
Select OAuth consent screen.
Select External then click Create.
Warning
In this example, we walk through creating an integration where any Google user can auth with the Kasm app. This is ideal for a public facing deployment. Choose Internal if only user from your Google Workspaces corporate account should be allowed to authenticate.
Provide values for the App Name , User support email, and Developer Contact email.
In the Authorized Domains section, enter your deployment’s top private domain (e.g
example.com
).Click Save and Continue.
Click Add or Remove Scopes.
In the Update Selected Scopes window check
.../auth/userinfo.email
, then click Update.
Click Save and Continue.
Until the app is fully verified and published it can only be used to auth specific test accounts. Click Add Users to authorize several test google accounts.
Click Save and Continue.
In the APIs & Services menu, select Credentials.
Select Create Credentials, then OAuth client ID.
Select
Web Application
as the Application type, then give the client a name (e.gKasm
).Click Add URI in the Authorized redirect URIs section, and enter
https://<kasm deployment hostname>/api/oidc_callback
.Click Create.
17. A dialogue will display with a Client ID and Client Secret. Save these values for the next configuration steps. The JSON download will also include URLs needed for the next configuration steps.
Kasm OpenID Config¶
Log into the Kasm UI as an administrator.
Select Authentication -> OpenID -> Create New Configuration.
Update the form with the following entries, using the Client ID and Client Secret gathered in the previous section.
Property |
Value |
Display Name |
Continue with Google |
Logo URL |
|
Enabled |
Checked |
Auto Login |
Unchecked |
Hostname |
<Empty> |
Default |
Checked |
Client ID |
<Client ID From Google OAuth App> |
Client Secret |
<Client Secret from Google OAuth App> |
Authorization URL |
|
Token URL |
|
User Info URL |
|
Scope |
|
Username Attribute |
|
Groups Attribute |
Unchecked |
Debug |
Unchecked |
Click Submit to save the changes.
Google Login Test¶
Logout of the Kasm to display the login screen. The OpenID configuration should be shown.
Click Continue with Google.
The user is redirected to Google for auth.
Upon completion, the user is logged into the Kasm app.