OAuth & Single-Sign-on / CAS with DHIS2

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?
The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

hisp

Information Systems / Infrastructure**
Health Information Systems Program

image

Hi Jason

Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token).

We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that’s not something that is coming soon.

image

image

···

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips jason@hisp.org wrote:

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?
The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**
Health Information Systems Program
____________________________________**

eMail: jason@hisp.org
Tel/Fax: +27 21 712 0170
Cell: +27 72 973 7250
Skype: jason.n.phillips

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

See the conference website for more information!

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

1 Like

Hi Morten,

Thanks for your reply.

We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice.

We’ll experiment with LDAP instead, and see where we wind up! One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game…

Kind Regards,

Jason Phillips

hisp

Information Systems / Infrastructure**
Health Information Systems Program

image

···

Hi Jason

Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token).

We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that’s not something that is coming soon.

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips jason@hisp.org wrote:

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?
The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**
Health Information Systems Program
____________________________________**

eMail: jason@hisp.org
Tel/Fax: +27 21 712 0170
Cell: +27 72 973 7250
Skype: jason.n.phillips

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

See the conference website for more information!

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

Sure, feel free to keep us posted with updated :slight_smile:

image

image

···

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

On Mon, Aug 7, 2017 at 11:57 AM, Jason Phillips jason@hisp.org wrote:

Hi Morten,

Thanks for your reply.

We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice.

We’ll experiment with LDAP instead, and see where we wind up! One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game…

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**
Health Information Systems Program
____________________________________**

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

From: Morten Olav Hansen [mailto:morten@dhis2.org]
Sent: Sunday, 06 August 2017 7:49 PM
To: Jason Phillips jason@hisp.org
Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net
Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Jason

Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token).

We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that’s not something that is coming soon.

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips jason@hisp.org wrote:

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?
The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**
Health Information Systems Program
____________________________________**

eMail: jason@hisp.org
Tel/Fax: +27 21 712 0170
Cell: +27 72 973 7250
Skype: jason.n.phillips

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

See the conference website for more information!

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

Just adding my 5c – OpenID has been superseded by OpenID connect

These may be interesting reading too:

http://lightstep.com/blog/everything-I-wish-I-knew-about-enterprise-sso/

https://developers.google.com/identity/protocols/OpenIDConnect

Cheers

Ed

image

image

···

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson=projectbalance.com@lists.launchpad.net] On Behalf Of Jason Phillips

Sent: Monday, 07 August 2017 11:57 AM

To: Morten Olav Hansen morten@dhis2.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Morten,

Thanks for your reply.

We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice.

We’ll experiment with LDAP instead, and see where we wind up! One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game…

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**

Health Information Systems Program

____________________________________**

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org
and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

From: Morten Olav Hansen [mailto:morten@dhis2.org]

Sent: Sunday, 06 August 2017 7:49 PM

To: Jason Phillips jason@hisp.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Jason

Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token).

We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that’s not something that is coming soon.

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips jason@hisp.org wrote:

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?

The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**

Health Information Systems Program

____________________________________**

eMail: jason@hisp.org

Tel/Fax: +27 21 712 0170

Cell: +27 72 973 7250

Skype: jason.n.phillips

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

See the conference website for more information!

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to
disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to
disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

This is old (2014) but still an interesting slide deck on OpenID Connect

http://wiki.openid.net/w/file/fetch/80030063/OpenID_Connect_Overview_May_5_2014.pdf

Ed

image

image

···

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson=projectbalance.com@lists.launchpad.net] On Behalf Of Edward Robinson

Sent: Monday, 07 August 2017 3:53 PM

To: Jason Phillips jason@hisp.org; Morten Olav Hansen morten@dhis2.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Just adding my 5c – OpenID has been superseded by OpenID connect

These may be interesting reading too:

http://lightstep.com/blog/everything-I-wish-I-knew-about-enterprise-sso/

https://developers.google.com/identity/protocols/OpenIDConnect

Cheers

Ed

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson=projectbalance.com@lists.launchpad.net] On Behalf Of Jason Phillips

Sent: Monday, 07 August 2017 11:57 AM

To: Morten Olav Hansen morten@dhis2.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Morten,

Thanks for your reply.

We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice.

We’ll experiment with LDAP instead, and see where we wind up! One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game…

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**

Health Information Systems Program

____________________________________**

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org
and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

From: Morten Olav Hansen [mailto:morten@dhis2.org]

Sent: Sunday, 06 August 2017 7:49 PM

To: Jason Phillips jason@hisp.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Jason

Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token).

We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that’s not something that is coming soon.

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips jason@hisp.org wrote:

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?

The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**

Health Information Systems Program

____________________________________**

eMail: jason@hisp.org

Tel/Fax: +27 21 712 0170

Cell: +27 72 973 7250

Skype: jason.n.phillips

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

See the conference website for more information!

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to
disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to
disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

1 Like

Thanks! Will look into those URLs.

Kind regards,
Jason Phillips
HISP SA Infrastructure

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

image

image

···

On 7 Aug 2017 15:52, “Edward Robinson” erobinson@projectbalance.com wrote:

Just adding my 5c – OpenID has been superseded by OpenID connect

These may be interesting reading too:

http://lightstep.com/blog/everything-I-wish-I-knew-about-enterprise-sso/

https://developers.google.com/identity/protocols/OpenIDConnect

Cheers

Ed

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson=projectbalance.com@lists.launchpad.net] On Behalf Of Jason Phillips

Sent: Monday, 07 August 2017 11:57 AM

To: Morten Olav Hansen morten@dhis2.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Morten,

Thanks for your reply.

We did consider LDAP – and it’s certainly still on the table – but were definitely, based on your response, heading in the wrong direction; I have been investigating a number of OpenID server entities instead, so I am grateful for your advice.

We’ll experiment with LDAP instead, and see where we wind up! One day soon, we hope to begin documenting and sharing with the community all our “solutions”, so will eventually revert with our end-game…

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**

Health Information Systems Program

____________________________________**

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org
and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

From: Morten Olav Hansen [mailto:morten@dhis2.org]

Sent: Sunday, 06 August 2017 7:49 PM

To: Jason Phillips jason@hisp.org

Cc: DHIS 2 Users list dhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2

Hi Jason

Have you considered using LDAP? we have had support for that a few releases. OpenID is basically deprecated, and I suggest not going that route. OAuth2 does not itself contain any authentication protocols (we are using basic or form based to get the bearer token).

We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but that’s not something that is coming soon.

Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips jason@hisp.org wrote:

Greetings, community!

HISP SA is looking at ways to implement a single-sign-on solution within our hosted DHIS2 instances, potentially using OAuth and a self-hosted central OpenID/OpenAuth server entity (or even a dhis2 instance?) for authentication.

Has anyone got any experience with implementing such a solution, and/or any advice about what the best practice could/would be to do so?

The aim would be to try and get all dhis2 instances to share a single user’s password across the board, and ideally be able to revoke, manage and control access to all instances in a single location.

Any advice, comments, suggestions or guidance would be most welcome.

Kind Regards,

Jason Phillips

Information Systems / Infrastructure**

Health Information Systems Program

____________________________________**

eMail: jason@hisp.org

Tel/Fax: +27 21 712 0170

Cell: +27 72 973 7250

Skype: jason.n.phillips

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

See the conference website for more information!

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to
disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer . Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to
disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

Hi Jason,

Could you please share if you were successful implementing SSO with DHIS2? Would highly appreciate if you could share the outcome.

Thanks.

1 Like

Hi all,

Any update on what is the best way to establish SSO in DHIS2?

Regards,

Elmarie

1 Like

I haven’t tested yet, but plan to… would using OpenID work perhaps?

If a user is associated with the same OpenID on two systems, I imagine once they are authenticated with one system, they should automatically be with the other.

1 Like