worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
LemonLDAP::NG Web SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10184 Commits
107 Branches
123 Tags
109 MiB
 
 
 
 
 
Tag: Branch: Tree: 86b9ffedf7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '86b9ffedf7'
${ noResults }
lemonldap-ng/doc/sources/admin/authopenidconnect_francecon...

71 lines
2.2 KiB
Raw Blame History

France Connect
==============
|image0|
Presentation
------------
`France Connect <https://doc.integ01.dev-franceconnect.fr/>`__ is an
authentication platform made by French government.
.. important::
It is for the moment only in BETA stage. This
documentation will explain how to configure LL::NG with the developer
reserved space.
Register on France Connect
--------------------------
Once :doc:`OpenID Connect service<openidconnectservice>` is configured,
you need to register to France Connect.
Use the following form:
https://doc.integ01.dev-franceconnect.fr/inscription.
You need to provide the callback URLs, for example
https://auth.domain.com/?openidcallback=1.
You will then get a ``client_id`` and a ``client_secret``.
Declare France Connect in your LL::NG server
--------------------------------------------
Go in Manager and create a new OpenID Connect provider. You can call it
``france-connect`` for example.
Click on ``Metadata`` and set manually the metadata of the service,
using `France Connect
endpoints <https://doc.integ01.dev-franceconnect.fr/fournisseur-service>`__.
For example:
.. code:: javascript
{
"issuer": "https://fcp.integ01.dev-franceconnect.fr",
"authorization_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize",
"token_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/token",
"userinfo_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo",
"end_session_endpoint":"https://fcp.integ01.dev-franceconnect.fr/api/v1/logout"
}
You can skip JWKS data, they are not provided by France Connect. The
security relies on the symmetric key ``client_secret``.
Go in ``Exported attributes`` to choose which attributes from "identité
pivot" you want to collect. See
https://doc.integ01.dev-franceconnect.fr/identite-pivot
Now go in ``Options``:
- In ``Configuration``, register the ``client_id`` and
``client_secret`` given by France Connect
- In ``Protocol``, adapt the ``scope`` to the exported attributes you
want. See https://doc.integ01.dev-franceconnect.fr/fs-scopes
- In ``Display``, you can set the name and the logo
.. |image0| image:: /applications/franceconnect_logo.png
:class: align-center