Single Sign-On (SSO) to Rocket Chat#
This doc will guide you on how to setup a Gluu Server as your identity provider (IDP) for access to Rocket Chat. By using a Gluu Server as your IDP, you can bypass the process of storing passwords in Rocket Chat.
- An operational Gluu Server installation
- An operational Rocket.Chat installation
- A user with administrative privileges in each application
When adding the Gluu Server OAuth client to Rocket Chat (described below), the server title is converted to lowercase, and hyphens, spaces, etc. are removed. So for example,
Gluu Server or
Gluu-Server will be converted to
gluuserver. And then at the top of the page, the following message is generated:
When setting up your OAuth Provider, you'll have to inform a Callback URL. Use
During creation of your client in the Gluu Server, this URL is used as the
Redirect Login URI.
Gluu Server Configuration#
In oxTrust, navigate to
OpenID Connect >
Client and click
Add Client. You'll see the following form to create the client for Rocket Chat:
Client IDis generated automatically.
- Keep sufficiently strong
- Add optional
Redirect Login URIs(use the Callback URL from Rocket Chat as noted above)
- Add at least the following scopes
Scopes: email, openid, profile and user_name.
- Add the following
Response Types: code, token, id_token.
- Add the following
Grant Types: authorization_code.
Application Typeto Web.
Authentication method for the Token Endpointto client_secret_post.
After completing these fields, click the
The configured client should look similar to this:
Configuring Rocket Chat#
In the Rocketchat Administration area, find the page for
OAuth and click
Add custom oauth.
Add a name for your server, we called ours:
- Add the
URLof your Gluu Server.
Token Pathas /oxauth/restv1/token.
Identity Pathas /oxauth/restv1/userinfo.
Authorize Pathas /oxauth/restv1/authorize.
Scopeas openid email profile user_name
Idfrom the client created in your Gluu Server.
Secretfrom the client created in your Gluu Server.
- We chose
Button Textas Gluu OpenID.
Login Stylesis a matter of choice.
Once you set all the parameters and save the changes, the screenshots look like below two screenshots.
Access your Rocket Chat server and you should see two options to login: username and password and the custom text you just added, e.g Gluu OpenID.
This is shown as below:
After we click the link, e.g. Gluu OpenID, we're redirected to the Gluu Server for login. We had created a test user, so we added the username and password as shown below:
Once authentication is complete, we're redirected back to Rocket Chat where we're asked to create a new username. It's purely a matter of personal choice. We chose to keep it the same, i.e test.
See the screen below asking us to provide the username:
Once done, we're granted access to Rocket Chat.