• Requirements
• Email
• LDAP
• SSL
• OAuth2
• API HTTP

Setup of OAuth2 sign-in

The curl and openssl PHP extensions must be loaded if you want to use this feature.

Checkup of your environement

'; echo "'; echo "'; echo "'; echo "'; echo "'; echo "'; echo "'; echo "'; echo "'; if (function_exists('openssl_get_cert_locations')) { $filesToCheck = openssl_get_cert_locations(); foreach ($filesToCheck as $key => $value) { echo "'; } } ?>

Requirement	Value / Description
PHP_VERSION	" . (version_compare(PHP_VERSION, '5.6.0', '>=')? '>=5.6.0' : '<5.6.0') . '
openssl	" . ((extension_loaded('openssl'))? 'extension loaded' : 'extension not loaded') . '
curl	" . ((extension_loaded('curl'))? 'extension loaded' : 'extension not loaded') . '
oauth2_enabled	" . ($config['oauth2_enabled']===TRUE? 'TRUE': 'FALSE') . '
oauth2_provider	" . $config['oauth2_provider'] . '
oauth2_client_id	" . ($config['oauth2_client_id']!=''? 'Provided': 'Empty') . '
oauth2_client_secret	" . ($config['oauth2_client_secret']!=''? 'Provided': 'Empty') . '
curl.cainfo	" . (file_exists(ini_get('curl.cainfo'))===TRUE? 'Found': 'Not found') . '
openssl.cafile	" . (file_exists(ini_get('openssl.cafile'))===TRUE? 'Found': 'Not found') . '
openssl_get_cert_locations	" . ((function_exists('openssl_get_cert_locations'))? 'Exists' : 'Doesn\'t exist') . '
$key	" . (file_exists($value)===TRUE? 'Found': 'Not found') . '

Additional information

Setup Google+ API

Instruction for Google API:

• Open Google Developers Console, and create or modify a project.
• In the dashboard, select "Enable APIs and get credentials like keys" or a similar entry.
• Google+ API must be enabled.
• In the left side bar, select "Credentials".
• Check that the domain that you'll use is defined into "Domain Verification tab" and add it otherwise.
• Optionnally, you may customize the "OAuth consent screen".
• Into "Credentials", create a new entry in "OAuth 2.0 client IDs".
• In "Authorized JavaScript origins", add the root of your installation (eg "http://demo.jorani.org").
• The field "Authorized redirect URIs" must be blank.
• Don't forget to save and to note Client ID and Client secret.

Setup Jorani

Setup Jorani by editing application/config/config.php

• Switch oauth2_enabled to TRUE.
• Set oauth2_provider to google (only google is supported).
• Set oauth2_client_id with the value you got from Google developers console.
• Set oauth2_client_secret with the value you got from Google developers console.

Setup your PHP environment

Depending on the version you are using, PHP will try to search for a bundle of certicates to be trusted. It is a file containing a list of public keys emitted by servers and APIs. Of course, the Google API must be listed prior trying to use the Google+ API for authentication purposes.

In case your system is not up-to-date, Jorani is bundled with a list of trusted certicates into assets/keys/cacert.pem. The absolute path to this file must be known by either:

• OpenSSL, if your version of PHP is greater than 5.6.
• Curl, if your version of PHP is lesser than 5.6.

You should modify the PHP.ini file depending on the version of PHP, as follow for PHP 5.6+:

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile=C:\wamp\www\auth\cacert.pem

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=

Or as follow for older versions of PHP:

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo=C:\wamp\www\auth\cacert.pem

Of course, adapt the path according to your environment.

Troubleshooting

In case of error, here are some additional steps:

• The HTTP/HTTPS ports may be blocked by your organization/server's security policy (or firewall).
• When running SELinux, the webserver is blocked by default (it cannot open a network connection). Please consider unblocking it:

  $ setsebool -P httpd_can_network_connect 1