Integration: Innovaphone
The following describes how to integrate OpenTalk seamlessly into the Innovaphone myApps/PBX. The PBX must be available in at least version 137781.
You also need an existing OpenTalk installation. A description of how to install OpenTalk on premise can be found here: https://gitlab.opencode.de/opentalk/ot-setup
OAuth2 basic settings
Navigate within myApps as follows: Devices > PBX > Config > Authentication
- Select the Authentication type: PBX and OAuth2
- Set an OAuth2 provider name, e.g.: Innovaphone auth. with OpenTalk
- Set the OAuth2 domain, or the URL to your OpenTalk installation: opentalk.yourdomain.com
Activate and set up OAuth2
Navigate within myApps as follows: Devices > Services > OAuth2 > Config
- Enable the OAuth2 "Config" with the checkbox Enable: √.
- Set the DNS name of this gateway, for example: pbx.yourdomain.com
- Set the OpenID known configuration URL, for example: https://accounts.opentalk.ihredomain.de/auth/realms/realm-name/.well-known/openid-configuration
- Set the Client ID to the client ID you defined in Keycloak, e.g.: pbxauth
- Set the upn (unique email address): email
The OpenID known configuration URL is always made up of the Keycloak domain and the realm name. Replace the part accounts.opentalk.yourdomain.com above with your own Keycloak domain. The realm name is the realm you have configured in Keycloak. If the Keycloak installation is based on the provided open-source installation (https://gitlab.opencode.de/opentalk/ot-setup) and no changes have been made to the realm, the realm name is opentalk.
Tip: The OpenID known configuration URL can be tested by calling it in a browser. If successful, a JSON document is returned, confirming that the URL for the known configuration is correct.
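The browser test from the tip can also be scripted. The following is an added example, not part of the original guide or of the OpenTalk or Innovaphone software: it composes the URL from the Keycloak domain and realm name and checks a returned document for the mistakes that most often break this setup (wrong realm or domain, missing endpoints, non-HTTPS endpoints, upn claim not offered). The function names and the sample document are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(keycloak_host, realm, base_path="/auth"):
    """Compose the URL from Keycloak domain and realm name.
    base_path="/auth" follows the example URL; pass "" if your Keycloak omits it."""
    return f"https://{keycloak_host}{base_path}/realms/{realm}{WELL_KNOWN}"

def check_discovery(url, doc, upn_claim="email"):
    """Return a list of problems found in a parsed discovery document."""
    problems = [f"missing {k}" for k in REQUIRED if not doc.get(k)]
    issuer = doc.get("issuer", "")
    # OpenID Connect Discovery: issuer + well-known suffix must equal the fetched URL,
    # which catches a wrong realm name or a wrong domain in the PBX setting.
    if issuer and issuer.rstrip("/") + WELL_KNOWN != url:
        problems.append(f"issuer {issuer!r} does not match configured URL")
    for k in REQUIRED:
        if doc.get(k) and urlparse(doc[k]).scheme != "https":
            problems.append(f"{k} is not https")
    # If the provider lists its claims, the claim used as upn must be among them.
    claims = doc.get("claims_supported")
    if claims is not None and upn_claim not in claims:
        problems.append(f"claim {upn_claim!r} not advertised")
    return problems

def fetch(url, timeout=10):
    """Live variant of the browser test: download and parse the document."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

# Constructed sample (placeholder domain), so the check runs offline.
SAMPLE_URL = discovery_url("accounts.opentalk.yourdomain.com", "opentalk")
_REALM = "https://accounts.opentalk.yourdomain.com/auth/realms/opentalk"
SAMPLE_DOC = {
    "issuer": _REALM,
    "authorization_endpoint": _REALM + "/protocol/openid-connect/auth",
    "token_endpoint": _REALM + "/protocol/openid-connect/token",
    "jwks_uri": _REALM + "/protocol/openid-connect/certs",
    "claims_supported": ["sub", "email", "preferred_username"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "discovery document OK")
```

Against a real installation, call `check_discovery(url, fetch(url))` with the URL entered in the PBX; an empty list means the document is consistent with that URL.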
Verify OAuth2 configuration
Navigate within myApps as follows: Devices > Services > OAuth2 > State
Here you can check the configuration from the previous steps independently. If all parameters have been set correctly, the test result should be as follows:
Innovaphone LDAP and Keycloak User Federation
Navigate within myApps as follows: Devices > Services > LDAP > Server
- Set an LDAP user that is used within Keycloak as a service user for LDAP queries
- Always activate the Force TLS option
First select the correct realm in Keycloak. Do not edit the master realm in this context. Select "opentalk" or the realm you have created.
Navigate within Keycloak as follows: User federation > Add new provider > LDAP
- Connection URL: ldaps://pbx.yourdomain.com:636
- Use Truststore SPI: Only for ldaps
- Bind type: simple
The other settings and options under LDAP searching and updating depend heavily on how the Keycloak LDAP connection is used, e.g. whether users are created via Keycloak or everything is managed centrally via Innovaphone.
This must be decided and set up depending on the use case.