2016-10-15 19:57:04 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:authopenid< / title >
< meta name = "generator" content = "DokuWiki" / >
2017-02-22 13:41:23 +01:00
< meta name = "robots" content = "index,follow" / >
2016-10-15 19:57:04 +02:00
< meta name = "keywords" content = "documentation,2.0,authopenid" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "authopenid.html" / >
< link rel = "contents" href = "authopenid.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : a u t h o p e n i d " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
2017-02-07 17:35:26 +01:00
//else -->
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< / head >
< body >
< div class = "dokuwiki export container" >
< h1 class = "sectionedit1" id = "openid" > OpenID< / h1 >
< div class = "level1" >
< div class = "table sectionedit2" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Authentication < / th > < th class = "col1 centeralign" > Users < / th > < th class = "col2 centeralign" > Password < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > ✔ < / td > < td class = "col1 centeralign" > ✔ < / td > < td class = "col2" > < / td >
< / tr >
< / table > < / div >
<!-- EDIT2 TABLE [22 - 85] --> < div class = "notewarning" > OpenID protocol is deprecated. You should now use < a href = "authopenidconnect.html" class = "wikilink1" title = "documentation:2.0:authopenidconnect" > OpenID Connect< / a > .
< / div >
< / div >
<!-- EDIT1 SECTION "OpenID" [1 - 196] -->
< h2 class = "sectionedit3" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > can delegate authentication to an OpenID server. This requires < a href = "http://search.cpan.org/~mart/Net-OpenID-Consumer/" class = "urlextern" title = "http://search.cpan.org/~mart/Net-OpenID-Consumer/" rel = "nofollow" > Perl OpenID consumer module< / a > with at least version 1.0.
< / p >
2017-02-07 17:35:26 +01:00
< div class = "notetip" > < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > can also act as < a href = "idpopenid.html" class = "wikilink1" title = "documentation:2.0:idpopenid" > OpenID server< / a > , that allows one to interconnect two < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > systems.
2016-10-15 19:57:04 +02:00
< / div >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > will then display a form with an OpenID input, wher users will type their OpenID login.
< / p >
< div class = "notetip" > OpenID authentication can proposed as an alternate authentication scheme using the < a href = "authchoice.html" class = "wikilink1" title = "documentation:2.0:authchoice" > authentication choice< / a > method.
< / div >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > can use a white list or a black list to filter allowed OpenID domains.
< / p >
< p >
2017-02-07 17:35:26 +01:00
If OpenID is used as users database, attributes will be requested to the server with SREG extension.
2016-10-15 19:57:04 +02:00
< / p >
< / div >
2017-02-07 17:35:26 +01:00
<!-- EDIT3 SECTION "Presentation" [197 - 947] -->
2016-10-15 19:57:04 +02:00
< h2 class = "sectionedit4" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< p >
In Manager, go in < code > General Parameters< / code > > < code > Authentication modules< / code > and choose OpenID for authentication and/or users.
< / p >
< p >
Then, go in < code > OpenID parameters< / code > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > Authentication level< / strong > : authentication level for this module.< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Secret token< / strong > : used to check integrity of OpenID response.< / div >
< / li >
2019-09-23 22:41:16 +02:00
< li class = "level1" > < div class = "li" > < strong > Authorizated domain< / strong > :< / div >
2016-10-15 19:57:04 +02:00
< ul >
< li class = "level2" > < div class = "li" > < strong > List type< / strong > : choose white list to define allowed domains or black list to define forbidden domains< / div >
< / li >
< li class = "level2" > < div class = "li" > < strong > List< / strong > : domains list (comma separated values)< / div >
< / li >
< / ul >
< / li >
< / ul >
< p >
To configure requested attributes, edit < strong > Exported variables< / strong > and define attributes:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > Key< / strong > : internal session key, can be prefixed by < code > !< / code > to make the attribute required< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Value< / strong > : SREG attribute name:< / div >
< ul >
< li class = "level2" > < div class = "li" > fullname< / div >
< / li >
< li class = "level2" > < div class = "li" > nickname< / div >
< / li >
< li class = "level2" > < div class = "li" > language< / div >
< / li >
< li class = "level2" > < div class = "li" > postcode< / div >
< / li >
< li class = "level2" > < div class = "li" > timezone< / div >
< / li >
< li class = "level2" > < div class = "li" > country< / div >
< / li >
< li class = "level2" > < div class = "li" > gender< / div >
< / li >
< li class = "level2" > < div class = "li" > email< / div >
< / li >
< li class = "level2" > < div class = "li" > dob< / div >
< / li >
< / ul >
< / li >
< / ul >
< p >
See also < a href = "exportedvars.html" class = "wikilink1" title = "documentation:2.0:exportedvars" > exported variables configuration< / a > .
< / p >
2018-12-20 10:46:14 +01:00
< div class = "noteimportant" > Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn' t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
< p >
In Manager, go in :
< / p >
< p >
< code > General Parameters< / code > > < code > Advanced Parameters< / code > > < code > Security< / code > > < code > Content Security Policy< / code > > < code > Form destination< / code >
< / p >
2016-10-15 19:57:04 +02:00
2018-12-20 10:46:14 +01:00
< / div >
2016-10-15 19:57:04 +02:00
< / div >
2017-02-07 17:35:26 +01:00
<!-- EDIT4 SECTION "Configuration" [948 - ] --> < / div >
2016-10-15 19:57:04 +02:00
< / body >
< / html >