Github OpenID Setup

Warning

Be mindful when configuring OpenID providers that are public. Any user that can successfully authenticate with the provider will have access to your deployment of Kasm Workspaces. While access to Kasm Workspace apps and desktops can be resitricted with Kasm group permissions, any user of the public authentication provider would still be able to login to your deployment of Kasm. It is recommended to use a private OpenID provider unless your intention is to allow authentictioned access to all users of the OpenID platform provider.

This guide walks through a basic setup allowing Github users to authenticate with your Kasm deployment

Reference Docs:

Creating a Github OAuth App

  1. Login to Github and select Settings from the profile dropdown: https://github.com/settings/profile

  2. Select Develop Settings.

  3. Select OAuth Apps, then click New OAuth App.

  4. Give the application a name (e.g Kasm), enter the URL of the deployment in the Homepage URL, and the Authorization callback to be https://<deployment hostname>/api/oidc_callback.

../../_images/new_oauth_app.png

New OAuth Application

  1. Select Register Application.

  2. On the next page note the Client ID. It will be needed for upcoming configurations.

  3. Click Generate a new client secret and note the value. It will be needed for upcoming configurations.

../../_images/client_secret.png

Client ID an Client Secret

Kasm OpenID Config

  1. Log into the Kasm UI as an administrator.

  2. Select Access Management -> Authentication -> OpenID -> Add Config.

  3. Update the form with the following entries, using the Client ID and Client Secret gathered in the previous section.

Property

Value

Display Name

Continue with Github

Logo URL

https://github.com/favicon.ico

Enabled

Checked

Auto Login

Unchecked

Hostname

<Empty>

Default

Checked

Client ID

<Client ID From Github OAuth App>

Client Secret

<Client Secret from Github OAuth App>

Authorization URL

https://github.com/login/oauth/authorize

Token URL

https://github.com/login/oauth/access_token

User Info URL

https://api.github.com/user

Scope

user:email

Username Attribute

email

Groups Attribute

<Empty>

Debug

Unchecked
../../_images/kasm_oidc_configuration.webp

Kasm OIDC Configurations

  1. Click Save to save the changes.

Github Login Test

  1. Logout of the Kasm to display the login screen. The OpenID configuration should be shown.

../../_images/login1.webp

Login Screen

  1. Click Continue with Github.

  2. The user is redirected to Github. Login if necessary. The first time the user utilizes the OpenID auth, they will be prompted to accept the access requested. Select Authorize

../../_images/authorization1.png

Github Auth

  1. Upon compleation, the user is logged into the Kasm app.