1. Home
  2. OpenKM 6.4
  3. Setup
  4. Configuring Google Drive
  1.  

OpenKM 6.4
Hardware and software requirements
Installation
Setup
Antivirus configuration
Cleaning older activity log data
Configuring Apache HTTP Reverse-Proxy
Configuring Apache HTTP for changing context URL
Configuring Apache HTTPS Reverse-Proxy
Configuring Nginx HTTP Reverse-Proxy
Configuring Lucene Analyzer
Configuring OCR engine
Configuring OpenSSL
Configuring SWFTools
Configuring mail
Configuring Tomcat memory utilization
Configuring Tomcat port
Configuring Tomcat session timeout
Configuring Tomcat timezone
Configuring safe trash purge
Configuring Tomcat to work behind an Internet proxy
Change repository home
Change default role names
Enable extensions
Enable WebDAV
LDAP configuration
Log configuration
LibreOffice configuration
Security configuration
SSO Configuration
Configuring Google Drive
Configuring document expiration
Configuring Joomla integration
Configuring Wordpress integration
Configuring Two Factor Authentication
Configuring CIFS
Configuring Dropbox
Cache configuration
Configuring CADViewer
Configuring VidSigner
Configuring search highlighter
Troubleshooting
Administration guide
User guide
Migration guide
Development

Configuring Google Drive

The Google Drive API is based on the security API OAuth2.

More info at http://www.thegameofcode.com/2012/07/conceptos-basicos-de-oauth2.html

The objective of this security API is that a Third Party application never gets access to the client's credentials. Instead of that, the application is redirected to the owned page where the client's credentials are entered (a Google page in this case).

Then a token with a set active time period which allow us to access resources without knowing the credentials is returned

Example of the kind of interactions that can be performed.

Google Drive Configuration

As discussed above, our application will be redirected to a Google page where the client's credentials will be introduced. As a security extension not only are user credentials needed but the redirection request must include some parameters that will authenticate the application as valid to interact with Google. These parameters are the client identificator and the client seceret. Where can you get them?

To do this task go to the page for developers at Google.

After signining with a valid account, the following page will be shown:

 

The next step is to create a new project:

  • Click on the button "Create Project"
  • Fill in some basic information such as the name of the project.

At the end of the process the name of the proyect will appear in the previous menu:

                             

Select the project to apply changes to it.

 

The firs step is to configure the Google APIs that the application is allowed to interact with. To do it, in the main page, the APIs related to Google+ and Drive have to be enabled. At least the following are required:

  • Google+ API
  • Drive API
  • Contact API

In you do not find them directly, you can use the text field at the top to search for them.

The next step is to create the OAuth credentials. Now, in the left menu, click on credentials option.

  • Then click on “Create credentials” and select "OAuth client ID".

A wizard will begin with the following steps:

  1. Select Web application. Before this the Authorization page should be configured: this will be the page shown to the client to accept the redirection. The data shown is:
    • Name of the application       
    • Logo of the product
    • Email address
  2. After filling in the required data, it will redirect to the previous page, and after selecting Web application, the following fields will appear:

                                             

   3. Configure Authorized redirect URLs that are the URLs from which google will accept requests. You can accept several URLs, one per line. In this space fill in the followin URL:

  • After filling this data, click on the “Create” button again and a page with the data generated will be shown, as can be seen in the image below. This data will be necessry to configure the OpenKM instance.

                    

    Notes regarding Redirect URLs

  • Google expects real domain names within the redirect URI or localhost. Neither fake domains nor IPs are accepted.
  • A Redirecting URL must match with the one sent by the server. This means that the hostname where OpenKM is accessed must be the same as in this URL (localhost or whatever the real domain name is), because the server builds the Redirect URI based on it.

These are all configuration steps needed from the google developer console. Now, the configuration parameter created (client id and client secret)  will be added to the configuration of OpenKM's Configuration parameters.

PropertyTypeDescription

google.drive.client.id

String

The Google Drive client id.

google.drive.client.secret

String

The Google Drive client secret.

Finally, to allow the change to be applied, it is necessary to close the OpenKM session.

Troobleshoting

You may see this error when using this extension:

ERROR org.springframework.social.connect.web.ProviderSignInController - Exception while completing OAuth 2 connection: 
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://accounts.google.com/o/oauth2/token": java.lang.RuntimeException: Unexpected error: 
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty; nested exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: 
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

This is related to a problem with the key store of Java cacerts, but we are not sure if it is something related to the Java version (OpenJDK vs Oracle version).

To solve it:

  • Install Java certificates from repository: sudo apt-get install ca-certificates-java
  • Modify $TOMCAT_HOME/bin/setenv.sh and add this parameter: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts

© OpenKM kcenter v.1.0.0 (build: d51a7b0). All Rights Reserved. Documentation license