View Attach (11) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 oidc_crushftp_related_settings... 137.0 kB 1 09-Jan-2025 07:29 krivacsz
png
 oidc_dmz_plugin_settings.png 141.0 kB 2 09-Jan-2025 23:13 krivacsz
png
 oidc_dropbox_settings.png 58.1 kB 1 19-May-2025 05:22 krivacsz
png
 oidc_gdrive_settings.png 71.2 kB 1 19-May-2025 05:25 krivacsz
png
 oidc_general_plugin_settings.p... 39.3 kB 1 09-Jan-2025 07:32 krivacsz
png
 oidc_gstorage_settings.png 67.4 kB 1 19-May-2025 05:51 krivacsz
png
 oidc_idp_related_plugin_settin... 176.0 kB 3 09-Jan-2025 23:17 krivacsz
png
 oidc_login_buttons.png 59.4 kB 1 09-Jan-2025 07:50 krivacsz
png
 oidc_onedrive_settings.png 71.6 kB 1 19-May-2025 04:24 krivacsz
png
 oidc_redirect_base_setting.png 37.0 kB 1 05-Feb-2025 03:55 krivacsz
png
 oidc_sharepoint2_settings.png 74.6 kB 1 19-May-2025 05:18 krivacsz

This page (revision-386) was last changed on 19-May-2025 10:27 by krivacsz

This page was created on 06-Jan-2025 23:39 by krivacsz

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 4 changed 5 lines
__!!!Important__: Ensure that all {{''__(Required)__''}} fields are properly configured as outlined on this wiki page.\\
\\
__!!! Proxy Configuration__: If your server accesses the internet through a proxy, ensure that the __Identity Provider__’s (IdP’s) domains are whitelisted to allow the authentication process.\\
\\
__!!! Constraints__:\\
----
__⚠️ Important__: Ensure that all {{''__(Required❗)__''}} fields are properly configured as outlined on this wiki page.\\
----
__⚠️ Proxy Configuration__: If your server accesses the internet through a proxy, ensure that the __Identity Provider__’s (IdP’s) domains are whitelisted to allow the authentication process.\\
----
__⚠️ Constraints__:\\
At line 19 added one line
\\
At line 29 changed one line
__!!!See details at__: [Apple Sign In Configuration]\\
__⚠️ See details at__: [Apple Sign In Configuration]\\
At line 40 changed one line
As a reference example, see the [Google OAuth 2.0 Link| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-1.GoogleMailOAuth2.0] documentation.\\
As a reference example, see the [GDriveSetup] documentation.\\
At line 56 changed one line
!2.1.1 OpenID Configuration URL {{''__(Required)__''}}: \\
!2.1.1 OpenID Configuration URL {{''__(Required❗)__''}}: \\
At line 61 changed one line
• Authorization endpoint {{''__(Required)__''}}\\
• Authorization endpoint {{''__(Required❗)__''}}\\
At line 99 changed one line
!2.1.3 Authorization related settings {{''__(Required)__''}}:\\
!2.1.3 Authorization related settings {{''__(Required❗)__''}}:\\
At line 110 changed one line
• {oidc_redirect_url}: An autogenerated URL by CrushFTP, composed of the initial host and port, followed by __/SSO_IDC/__. This URL is used to redirect the user after successful authentication. __!!! It must exactly match the redirect URL registered and configured in the IdP.__\\
• {oidc_redirect_url}: An autogenerated URL by CrushFTP, composed of the initial host and port, followed by __/SSO_IDC/__. This URL is used to redirect the user after successful authentication. __⚠️ It must exactly match the redirect URL registered and configured in the IdP.__\\
At line 126 changed one line
__The refresh token enables access to the user's cloud storage through the IdP. __CrushFTP supports cloud storage integration with services such as Google Drive ([GDriveSetup]), OneDrive ([OneDriveSetup]), SharePoint ([SharePoint Integration]), and Dropbox ([Dropbox Integration]).\\
__The refresh token enables access to the user's cloud storage through the IdP. __CrushFTP supports cloud storage integration with services such as Google Drive ([GDriveSetup]), Google Cloud Storage ([Google Cloud Storage Integration]), OneDrive ([OneDriveSetup]), SharePoint ([SharePoint Integration]), and Dropbox ([Dropbox Integration]).\\
At line 130 removed one line
At line 136 removed one line
At line 148 changed one line
__Verify ID Token:__ The Authorization Code Flow uses the code value returned by the IdP to obtain the ID token. Although this step is not mandatory in the OpenID protocol, you can enable an additional verification of the returned ID token by selecting this checkbox. __!!!__ This feature works only if the OpenID configuration includes the "__jwks_uri__" endpoint. __It provides an extra layer of validation for the ID token.__\\
__Verify ID Token:__ The Authorization Code Flow uses the code value returned by the IdP to obtain the ID token. Although this step is not mandatory in the OpenID protocol, you can enable an additional verification of the returned ID token by selecting this checkbox. ⚠️ This feature works only if the OpenID configuration includes the "__jwks_uri__" endpoint. __It provides an extra layer of validation for the ID token.__\\
At line 152 changed one line
__Check User Endpoint URL?__: This option enables CrushFTP to retrieve additional information about the user from the IdP via the "__user_info__" endpoint URL. __!!!__ This feature only works if the OpenID configuration includes a "userinfo_endpoint" URL or if you manually specify it in the "__User Endpoint URL__" input field. \\
__Check User Endpoint URL?__: This option enables CrushFTP to retrieve additional information about the user from the IdP via the "__user_info__" endpoint URL. ⚠️ This feature only works if the OpenID configuration includes a "userinfo_endpoint" URL or if you manually specify it in the "__User Endpoint URL__" input field. \\
At line 156 changed one line
__Special Case for Microsoft Azure AD:__ When using __Microsoft Azure AD__ as the Identity Provider (IdP), a specific user endpoint is required to retrieve group information for the authenticated user:\\
⚠️ __Special Case for Microsoft Azure AD:__ When using __Microsoft Azure AD__ as the Identity Provider (IdP), a specific user endpoint is required to retrieve group information for the authenticated user:\\
At line 171 changed one line
__Claim as Username__ {{''__(Required)__''}}: Specify the name of the claim within the IdP's response that should be used as the __username for the CrushFTP session__.
__Claim as Username__ {{''__(Required❗)__''}}: Specify the name of the claim within the IdP's response that should be used as the __username for the CrushFTP session__.
At line 173 changed one line
__!!!__ If this claim is not present or its value is missing in the IdP's response (either within the ID Token or retrieved from the user endpoint), __the authentication will fail due to a missing username__.\\
__⚠️__ If this claim is not present or its value is missing in the IdP's response (either within the ID Token or retrieved from the user endpoint), __the authentication will fail due to a missing username__.\\
At line 183 changed one line
__Enable__: Activate the plugin. {{''__(Required)__''}}\\
__Enable__: Activate the plugin. {{''__(Required❗)__''}}\\
At line 189 changed one line
!2.2.1 Login Button {{''__(Required)__''}}:\\
!2.2.1 Login Button {{''__(Required❗)__''}}:\\
At line 194 changed one line
!2.2.2 Username matching {{''__(Required)__''}}:\\
!2.2.2 Username matching {{''__(Required❗)__''}}:\\
At line 212 changed one line
!2.2.5 User Templates {{''__(Required)__''}}:\\
!2.2.5 User Templates {{''__(Required❗)__''}}:\\
At line 214 changed 2 lines
__Template Username__: The signed-in user inherits both the settings and the VFS items(as Linked [VFS]). __It must have a value!__\\
__Import settings from CrushFTP user__: The signed-in user inherits only the settings from the specified user. __It must have a value!__\\
__Template Username__: The signed-in user inherits both the settings and the VFS items(as Linked [VFS]). ⚠️ __It must have a value!__\\
__Import settings from CrushFTP user__: The signed-in user inherits only the settings from the specified user. ⚠️ __It must have a value!__\\
At line 223 changed one line
__!!! Important__: If roles are configured and the IdP's user does not match any of the predefined roles, the authentication will be rejected due to the absence of matching roles.\\
__⚠️ Important__: If roles are configured and the IdP's user does not match any of the predefined roles, the authentication will be rejected due to the absence of matching roles.\\
At line 226 changed one line
__!!! Important__: Template user must exist in the [User Manager], otherwise, it will have no effect.\\
__⚠️ Important__: Template user must exist in the [User Manager], otherwise, it will have no effect.\\
At line 235 removed one line
At line 261 changed one line
!2.2.7 Custom VFS {{''__(Required Under Specific Conditions)__''}}:
!2.2.7 Custom VFS {{''__(Required Under Specific Conditions❗)__''}}:
At line 264 changed one line
__!!! Important:__ If the CrushOIDC user has no assigned VFS, __authentication will be rejected due to the absence of an assigned [VFS]__. CrushOIDC user can inherit VFS configuration from:\\
__⚠️ Important:__ If the CrushOIDC user has no assigned VFS, __authentication will be rejected due to the absence of an assigned [VFS]__. CrushOIDC user can inherit VFS configuration from:\\
At line 274 removed one line
At line 276 removed one line
At line 278 removed one line
\\
At line 280 changed 2 lines
\\
__!!! It requires the scope__:\\
__⚠️ It requires the scope__:\\
At line 284 removed one line
\\
At line 287 changed one line
__b.) OneDrive__:\\
__b.) Google Cloud Storage__:\\
\\
{{{
gstorage://{oidc_client_id}~{oidc_client_secret_decoded}:{oidc_refresh_token}@storage.googleapis.com/
}}}\\
\\
__More info at__: [Google Cloud Storage Integration]\\
__⚠️ It requires the scope__:\\
{{{ https://www.googleapis.com/auth/devstorage.full_control}}}\\
Check the description of : __2.1.3 Authorization related settings__ [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CrushOIDC#section-CrushOIDC-2.1.3AuthorizationRelatedSettingsRequired] regarding scope.\\
[CrushOIDC/oidc_gstorage_settings.png]\\
\\
__c.) OneDrive__:\\
\\
At line 289 removed one line
At line 294 removed one line
\\
At line 296 changed 2 lines
\\
__!!!Note__:\\
__⚠️ Note__:\\
At line 300 removed one line
\\
At line 303 changed one line
__c.) Sharepoint__:\\
__d.) SharePoint__:\\
\\
At line 305 removed one line
At line 312 removed one line
\\
At line 314 changed 2 lines
\\
__!!!Note__:\\
__⚠️ Note__:\\
At line 321 changed one line
__Drive name__: Each SharePoint site has a Document Library where the site-related files are stored. See [SharePoint: Documents and Libraries Description Link||https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name\\
__Drive name__: Each SharePoint site has a Document Library where the site-related files are stored. See [SharePoint: Documents and Libraries Description Link|https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name\\
At line 323 removed one line
\\
At line 325 changed one line
__d.) DropBox__:\\
\\
__e.) DropBox__:\\
\\
At line 327 removed one line
At line 329 removed one line
At line 332 removed one line
\\
Version Date Modified Size Author Changes ... Change note
386 19-May-2025 10:27 22.102 kB krivacsz to previous
385 19-May-2025 10:25 22.096 kB krivacsz to previous | to last
384 19-May-2025 10:24 22.105 kB krivacsz to previous | to last
383 19-May-2025 10:22 22.106 kB krivacsz to previous | to last
382 19-May-2025 10:17 22.094 kB krivacsz to previous | to last
381 19-May-2025 10:17 22.076 kB krivacsz to previous | to last
« This page (revision-386) was last changed on 19-May-2025 10:27 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
Amazon Cognito Configuration
Apple Sign In Configuration
Azure Active Directory B2C Configuration
CrushOAuth
Dropbox Integration
Enterprise License Enhancements
GDriveSetup
Google Sign in Configuration
LeftMenu
Microsoft Sign in Configuration

JSPWiki