Request for: OpenIDConnect (OIDS) - SSO

Hi DHIS2 USers & Dev team-

LogicalOutcomes is working on integrating with SingleSignOn, using service provider Okta, which works with OpenIDConnect (OIDC).

At present, DHIS2 is only compatible with OpenID and Oath2.

As we understand, OIDC is pretty close to Oauth 2.0 with the exception of an ID Token being passed to the client.

Wondering, what would it take for DHIS2 dev team to add openid as a scope in the request to the authorization server and include an ID token in the response to the client?

@jomutsani is there a certain UiO developer I can speak to / should we put this onto JIRA? We would appreciate a conversation about this soon. Thank you.

@Scott can you direct me to the right dev person for this issue? Thanks so much!

Hi @sgaudon ,

my name is Morten Svanæs and I’m the security engineer on the DHIS2 back-end team.
I’m not sure if you have talked to any other developers yet, but this task implementing support for (OIDC) is on my task list for the 2.35 version. That is all I can say for now, due to the COVID-19 situation there might be some changes to the time plan this year. This is a highly wanted feature so this has high priority now.
I hope this answers some of your questions.
Feel free to contact me directly on: msvanaes@dhis2.org if you have any other questions regarding JIRA issues etc.

1 Like

Hi @netroms - if you’re able to point me to the right person - needing more information from DHIS2 about the authentication process. We are testing SSO service Okta using SWA and getting returned to the DHIS2 login screen with no messages…is it possible to check a log somewhere (?) to see why the access attempt is getting denied?
Thanks again for any help you may offer here.
-Sara