Howto:OpenTalk - 3rd Party Product: Difference between revisions
M.lasarsch (talk | contribs) (Created page with "The following describes how to integrate OpenTalk seamlessly into the Innovaphone myApps/PBX. The PBX must be available in at least version 137781. You also need an existing OpenTalk installation, a description of how to install OpenTalk on premise can be found here: https://gitlab.opencode.de/opentalk/ot-setup === OAuth2 basic settings === Navigate within myApps as follows: '''Devices > PBX > Config > Authentication''' * Select the '''Authentication type''': PBX and O...") |
M.lasarsch (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
The following describes how to integrate OpenTalk seamlessly into the | The following describes how to integrate OpenTalk seamlessly into the innovaphone myApps/PBX. | ||
The PBX must be available in at least version 137781. | The PBX must be available in at least version 137781. | ||
| Line 7: | Line 7: | ||
Navigate within myApps as follows: '''Devices > PBX > Config > Authentication''' | Navigate within myApps as follows: '''Devices > PBX > Config > Authentication''' | ||
* Select the '''Authentication type''': PBX and OAuth2 | * Select the '''Authentication type''': PBX and OAuth2 | ||
* Set an '''OAuth2 provider name''', e.g: | * Set an '''OAuth2 provider name''', e.g: innovaphone auth. with OpenTalk | ||
* Set the '''OAuth2 domain''', or the URL to your OpenTalk installation: opentalk.yourdomain.com | * Set the '''OAuth2 domain''', or the URL to your OpenTalk installation: opentalk.yourdomain.com | ||
[[File:Innovaphone opentalk 1.png| | [[File:Innovaphone opentalk 1.png|800px|alt=OpenTalk OAuth basic|OpenTalk OAuth basic settings]] | ||
=== Activate and set up OAuth2 === | === Activate and set up OAuth2 === | ||
| Line 29: | Line 29: | ||
'''Tip:''' The '''OpenID known configuration URL''' can be tested by calling it in a browser, if successful a JSON is returned confirming the correct URL for the known configuration. | '''Tip:''' The '''OpenID known configuration URL''' can be tested by calling it in a browser, if successful a JSON is returned confirming the correct URL for the known configuration. | ||
[[File:Innovaphone opentalk 2.png|800px|alt=OpenTalk configuration|OpenTalk configuration]] | |||
=== Verify OAuth2 configuration === | === Verify OAuth2 configuration === | ||
| Line 36: | Line 38: | ||
You have the option to check the configuration from the previous steps independently, if all parameters have been set correctly, the test result should be as follows: | You have the option to check the configuration from the previous steps independently, if all parameters have been set correctly, the test result should be as follows: | ||
[[File:Innovaphone opentalk 3.png| | [[File:Innovaphone opentalk 3.png|800px|alt=OpenTalk verify OAuth|OpenTalk verify OAuth]] | ||
=== | === innovaphone LDAP and Keycloak User Federation === | ||
Navigate within myApps as follows: '''Devices > Services > LDAP > Server''' | Navigate within myApps as follows: '''Devices > Services > LDAP > Server''' | ||
* Set an LDAP user that is used within Keycloak as a service user for LDAP queries | * Set an LDAP user that is used within Keycloak as a service user for LDAP queries | ||
| Line 50: | Line 52: | ||
'''Bind type:''' simple | '''Bind type:''' simple | ||
The other settings and options under '''LDAP searching and updating''' depend heavily on the type of use of the Keycloak LDAP connection, e.g. should the user creation be realized via Keycloak or should everything be managed centrally via | The other settings and options under '''LDAP searching and updating''' depend heavily on the type of use of the Keycloak LDAP connection, e.g. should the user creation be realized via Keycloak or should everything be managed centrally via innovaphone. | ||
This must be decided and set up depending on the use case. | This must be decided and set up depending on the use case. | ||
Revision as of 09:23, 19 February 2024
The following describes how to integrate OpenTalk seamlessly into the innovaphone myApps/PBX. The PBX must be available in at least version 137781.
You also need an existing OpenTalk installation, a description of how to install OpenTalk on premise can be found here: https://gitlab.opencode.de/opentalk/ot-setup
OAuth2 basic settings
Navigate within myApps as follows: Devices > PBX > Config > Authentication
- Select the Authentication type: PBX and OAuth2
- Set an OAuth2 provider name, e.g: innovaphone auth. with OpenTalk
- Set the OAuth2 domain, or the URL to your OpenTalk installation: opentalk.yourdomain.com
Activate and set up OAuth2
Navigate within myApps as follows Devices > Services > OAuth2 > Config.
- Enable the OAuth2 "Config" with the checkbox Enable: √.
- Set the DNS name of this gateway, for example: pbx.yourdomain.com
- Set the OpenID known configuration URL, for example: https://accounts.opentalk.ihredomain.de/auth/realms/realm-name/.well-known/openid-configuration
- Set the Client ID to the client ID you defined in the keycloak, e.g.: pbxauth
- Set the upn (unique email address): email
The OpenID known configuration URL is always made up of the domain for the keycloak and the realm name. So please replace the above part accounts.opentalk.yourdomain.com with your own keycloak domain. The realm name above is the realm you have configured in Keycloak. If we assume that the Keycloak installation is based on the provided OpenSource installation (https://gitlab.opencode.de/opentalk/ot-setup) and no changes have been made to the realm, the realm name is opentalk.
Tip: The OpenID known configuration URL can be tested by calling it in a browser, if successful a JSON is returned confirming the correct URL for the known configuration.
Verify OAuth2 configuration
Navigate within myApps as follows: Devices > Services > OAuth2 > State
You have the option to check the configuration from the previous steps independently, if all parameters have been set correctly, the test result should be as follows:
innovaphone LDAP and Keycloak User Federation
Navigate within myApps as follows: Devices > Services > LDAP > Server
- Set an LDAP user that is used within Keycloak as a service user for LDAP queries
- Activate the Force TLS option in any case
First select the correct realm in Keycloak, do not edit the master realm in this context. Select "opentalk" or the realm you have created.
Navigate within the Keycloak as follows: User federation > Add new provider > LDAP Connection URL: ldaps://pbx.yourdomain.com:636 Use Truststore SPI: Only for ldaps Bind type: simple
The other settings and options under LDAP searching and updating depend heavily on the type of use of the Keycloak LDAP connection, e.g. should the user creation be realized via Keycloak or should everything be managed centrally via innovaphone.
This must be decided and set up depending on the use case.