When using Google verification with the Google Sign-In button on SSL / non-SSL login pages, the Smoothwall Filter and Firewall must submit a valid client ID and client secret to be able to communicate with Google OAuth servers. This communication is to confirm that a user is indeed who they say they are.
If you already have a client ID and client secret, you can find them in the Google API Console on the Credentials page. Alternatively, if you need to create these, follow the procedure.
Disclaimer: The following instructions are correct at the time of writing. Google feature names and links might change over time.
Procedure
- In the Google API console, set up OAuth with these settings. See the Google help topic, Setting up OAuth 2.0.
- Application type: "Web application".
- Name: Type an appropriate name for the credentials web application, for example, Smoothwall Login.
-
Authorized JavaScript origins:
- Enter the URL of the Smoothwall appliance host name that Google should only accept OAuth requests from, suffixed with port
442
. The URL used must be the host name of the Smoothwall which Chromebooks will resolve via DNS. If Chromebook Authentication is to be configured for external off-site access, the URL must have a public DNS record which resolves to the Smoothwall's external IP address.- If you are creating this project for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:
https://proxy.smoothtest.com:442
- If you are creating this project for non-SSL login pages, enter a HTTP version of the Smoothwall URL without the port number, for example:
http://proxy.smoothtest.com
- If you are creating this project for both scenarios (SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:
- https://proxy.smoothtest.com:442
- http://proxy.smoothtest.com
- If you are creating this project for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:
- Enter the URL of the Smoothwall appliance host name that Google should only accept OAuth requests from, suffixed with port
- Authorized redirect URIs:
- Enter the URL that the Smoothwall Filter and Firewall will use to communicate with Google. Use the Smoothwall appliance host name and port number configured for Authorized JavaScript origins, with
oauth2callback
as the path. If you are creating this project for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:https://proxy.smoothtest.com:442/oauth2callback
If you are creating this project for non-SSL login pages, enter a HTTP version of the Smoothwall URL without the port number, for example, http://proxy.smoothtest.com/oauth2callback- If you are creating this project for both scenarios (SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:
- https://proxy.smoothtest.com:442/oauth2callback
- http://proxy.smoothtest.com/oauth2callback
- If you are creating this project for both scenarios (SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:
- Enter the URL that the Smoothwall Filter and Firewall will use to communicate with Google. Use the Smoothwall appliance host name and port number configured for Authorized JavaScript origins, with
- In the OAuth client dialog box, copy both the client ID and client secret.
Your web application's Restrictions should resemble these settings:
Follow-up tasks
- If you haven't configured a consent screen previously, you can do this in the Google API Console. The consent screen opens whenever permission is needed to access users' data. See Google's help topic, User consent.
- Add the client ID and client secret to the Google directory.