<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:idpopenidconnect</title> <!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki" />
<meta name="robots" content="index,follow" />
<meta name="keywords" content="documentation,2.0,idpopenidconnect" />
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG" />
<link rel="start" href="idpopenidconnect.html" />
<link rel="contents" href="idpopenidconnect.html" title="Sitemap" />
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css" />
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO={"id":"documentation:2.0:idpopenidconnect","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script> <!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script> <!-- //endif --> <!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script> <!-- //endif -->
</head>
<body>
<div class="dokuwiki export container"> <!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#openid_connect_service">OpenID Connect Service</a></div></li>
<li class="level2"><div class="li"><a href="#issuerdb">IssuerDB</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_llng_in_relying_party">Configuration of LL::NG in the Relying Party (client)</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_relying_party_in_llng">Configuration of the Relying Party (client) in LL::NG</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#exported_attributes">Exported attributes</a></div></li>
<li class="level3"><div class="li"><a href="#options">Options</a></div></li>
<li class="level3"><div class="li"><a href="#extra_claims">Extra claims</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div> <!-- TOC END -->
<h1 class="sectionedit1" id="openid_connect_provider">OpenID Connect Provider</h1>
<div class="level1">
</div> <!-- EDIT1 SECTION "OpenID Connect Provider" [1 - 39] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<div class="noteclassic">OpenID Connect is a protocol based on the REST, OAuth 2.0 and JOSE stacks. It is described here: <a href="http://openid.net/connect/" class="urlextern" title="http://openid.net/connect/" rel="nofollow">http://openid.net/connect/</a>.
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can act as an OpenID Connect Provider (OP). It answers OpenID Connect requests to deliver the user's identity (through an ID token) and user information (through the "User Info" endpoint).
</p>
<p>
As an OP, <abbr title="LemonLDAP::NG">LL::NG</abbr> supports many OpenID Connect features:
</p>
<ul>
<li class="level1"><div class="li">Authorization Code, Implicit and Hybrid flows</div>
</li>
<li class="level1"><div class="li">Publication of JSON metadata and JWKS (Discovery)</div>
</li>
<li class="level1"><div class="li"><code>prompt</code>, <code>display</code>, <code>ui_locales</code> and <code>max_age</code> parameters</div>
</li>
<li class="level1"><div class="li">Extra claims definition</div>
</li>
<li class="level1"><div class="li">Authentication Context Class References (ACR)</div>
</li>
<li class="level1"><div class="li">Nonce</div>
</li>
<li class="level1"><div class="li">Dynamic registration</div>
</li>
<li class="level1"><div class="li">Access token hash generation</div>
</li>
<li class="level1"><div class="li">ID token signature (HS256/HS384/HS512/RS256/RS384/RS512)</div>
</li>
<li class="level1"><div class="li">UserInfo endpoint, as JSON or JWT</div>
</li>
<li class="level1"><div class="li">Request and request <abbr title="Uniform Resource Identifier">URI</abbr></div>
</li>
<li class="level1"><div class="li">Session management</div>
</li>
</ul>
</div> <!-- EDIT2 SECTION "Presentation" [40 - 922] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div> <!-- EDIT3 SECTION "Configuration" [923 - 949] -->
<h3 class="sectionedit4" id="openid_connect_service">OpenID Connect Service</h3>
<div class="level3">
<p>
See the <a href="openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice">OpenID Connect service</a> configuration chapter.
</p>
</div> <!-- EDIT4 SECTION "OpenID Connect Service" [950 - 1059] -->
<h3 class="sectionedit5" id="issuerdb">IssuerDB</h3>
<div class="level3">
<p>
Go to <code>General Parameters</code> » <code>Issuer modules</code> » <code>OpenID Connect</code> and configure:
</p>
<ul>
<li class="level1"><div class="li"><strong>Activation</strong>: set to <code>On</code>.</div>
</li>
<li class="level1"><div class="li"><strong>Path</strong>: keep <code>^/oauth2/</code> unless another path is needed (in that case, adapt the Apache configuration)</div>
</li>
<li class="level1"><div class="li"><strong>Use rule</strong>: a rule that allows use of this module; set it to 1 to always allow it.</div>
</li>
</ul>
<div class="notetip">For example, to allow only strongly authenticated users:
<pre class="code">$authenticationLevel &gt; 2</pre>
</div>
</div> <!-- EDIT5 SECTION "IssuerDB" [1060 - 1545] -->
<h3 class="sectionedit6" id="configuration_of_llng_in_relying_party">Configuration of LL::NG in the Relying Party (client)</h3>
<div class="level3">
<p>
Each Relying Party (client) has its own configuration form. <abbr title="LemonLDAP::NG">LL::NG</abbr> publishes its OpenID Connect metadata to ease the client configuration.
</p>
<p>
The metadata is available at the standard “Well Known” <abbr title="Uniform Resource Locator">URL</abbr>: <a href="http://auth.example.com/.well-known/openid-configuration" class="urlextern" title="http://auth.example.com/.well-known/openid-configuration" rel="nofollow">http://auth.example.com/.well-known/openid-configuration</a>
</p>
<p>
An example of its content:
</p>
<pre class="code file javascript">{
  "end_session_endpoint": "http://auth.example.com/oauth2/logout",
  "jwks_uri": "http://auth.example.com/oauth2/jwks",
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "token_endpoint": "http://auth.example.com/oauth2/token",
  "response_types_supported": [
    "code",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "userinfo_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "userinfo_endpoint": "http://auth.example.com/oauth2/userinfo",
  "request_uri_parameter_supported": "true",
  "acr_values_supported": [
    "loa-4",
    "loa-1",
    "loa-3",
    "loa-5",
    "loa-2"
  ],
  "request_parameter_supported": "true",
  "subject_types_supported": [
    "public"
  ],
  "issuer": "http://auth.example.com/",
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "hybrid"
  ],
  "authorization_endpoint": "http://auth.example.com/oauth2/authorize",
  "check_session_iframe": "http://auth.example.com/oauth2/checksession",
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "phone"
  ],
  "require_request_uri_registration": "false",
  "registration_endpoint": "http://auth.example.com/oauth2/register"
}</pre>
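<p>As an added example (not code from the LL::NG project), the following Python checks a discovery document before a Relying Party relies on it: the required fields are present, the issuer is the one expected, every endpoint lives on the issuer's host, and the ID token signing algorithm is chosen so that it is never <code>none</code>, even though the document above advertises it. The embedded JSON is the sample above, abridged to the fields the check reads; the function names, the preferred-algorithm order and the handling of the string-valued <code>"true"</code>/<code>"false"</code> flags are assumptions of the example.</p>

```python
import json
from urllib.parse import urlparse

# Constructed sample: the discovery document shown above, abridged to the
# fields this check uses (embedded inline, not fetched from a live server).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://auth.example.com/",
    "authorization_endpoint": "http://auth.example.com/oauth2/authorize",
    "token_endpoint": "http://auth.example.com/oauth2/token",
    "userinfo_endpoint": "http://auth.example.com/oauth2/userinfo",
    "jwks_uri": "http://auth.example.com/oauth2/jwks",
    "id_token_signing_alg_values_supported": [
        "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
    "request_uri_parameter_supported": "true",
    "require_request_uri_registration": "false",
})

# Fields an RP cannot work without (assumption of this example).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "id_token_signing_alg_values_supported")


def as_bool(value):
    """The sample publishes some booleans as the strings "true"/"false"; accept both forms."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"not a boolean: {value!r}")


def check_discovery(raw, expected_issuer, preferred_algs=("RS256", "HS256")):
    """Parse an OP discovery document and return the settings an RP should use.

    Raises ValueError on anything an RP must not accept.
    """
    doc = json.loads(raw)
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")
    if doc["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc['issuer']!r} != {expected_issuer!r}")
    # Every endpoint must live on the issuer's host: a substituted document
    # pointing elsewhere would send codes and tokens to a foreign server.
    issuer_host = urlparse(doc["issuer"]).netloc
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri"):
        if key in doc and urlparse(doc[key]).netloc != issuer_host:
            raise ValueError(f"{key} is not on the issuer host")
    # Pick a signing algorithm: never "none", even if the OP advertises it.
    offered = [a for a in doc["id_token_signing_alg_values_supported"] if a != "none"]
    alg = next((a for a in preferred_algs if a in offered), None)
    if alg is None:
        raise ValueError("no acceptable id_token signing algorithm offered")
    return {
        "issuer": doc["issuer"],
        "authorization_endpoint": doc["authorization_endpoint"],
        "token_endpoint": doc["token_endpoint"],
        "jwks_uri": doc["jwks_uri"],
        "id_token_alg": alg,
        "request_uri_supported": as_bool(doc.get("request_uri_parameter_supported", False)),
        # The sample uses plain http; flag it so a deployment can insist on TLS.
        "plaintext_transport": urlparse(doc["issuer"]).scheme != "https",
    }


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY, "http://auth.example.com/"))
```

<p>The returned <code>plaintext_transport</code> flag is true for the sample because its issuer is an <code>http://</code> URL; a production RP should refuse such a document, since every token in the flow would otherwise cross the network in clear.</p>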
</div> <!-- EDIT6 SECTION "Configuration of LL::NG in Relying Party" [1546 - 3524] -->
<h3 class="sectionedit7" id="configuration_of_relying_party_in_llng">Configuration of the Relying Party (client) in LL::NG</h3>
<div class="level3">
<p>
Go to the Manager and choose <code>OpenID Connect Relying Parties</code>, then click on <code>Add OpenID Relying Party</code>. Give it a technical name (no spaces or special characters), such as “sample-rp”.
</p>
<p>
You can then access the configuration of this RP.
</p>
</div>
<h4 id="exported_attributes">Exported attributes</h4>
<div class="level4">
<p>
You can map <abbr title="LemonLDAP::NG">LL::NG</abbr> session attribute names to <a href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" class="urlextern" title="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" rel="nofollow">OpenID Connect claims</a>.
</p>
</div> <!-- EDIT8 PLUGIN_INCLUDE_START_NOREDIRECT "documentation:2.0:openidconnectclaims" [0 - ] -->
<div class="plugin_include_content plugin_include__documentation:2.0:openidconnectclaims" id="plugin_include__documentation__2.0__openidconnectclaims">
<div class="level1">
<div class="table sectionedit10"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">Claim name</th><th class="col1">Type</th><th class="col2">Example of LDAP attribute mapping</th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0">sub</td><td class="col1">string</td><td class="col2">uid</td>
</tr>
<tr class="row2 roweven">
<td class="col0">name</td><td class="col1">string</td><td class="col2">cn</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">given_name</td><td class="col1">string</td><td class="col2">givenName</td>
</tr>
<tr class="row4 roweven">
<td class="col0">family_name</td><td class="col1">string</td><td class="col2">sn</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">middle_name</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row6 roweven">
<td class="col0">nickname</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row7 rowodd">
<td class="col0">preferred_username</td><td class="col1">string</td><td class="col2">displayName</td>
</tr>
<tr class="row8 roweven">
<td class="col0">profile</td><td class="col1">string</td><td class="col2">labeledURI</td>
</tr>
<tr class="row9 rowodd">
<td class="col0">picture</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row10 roweven">
<td class="col0">website</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row11 rowodd">
<td class="col0">email</td><td class="col1">string</td><td class="col2">mail</td>
</tr>
<tr class="row12 roweven">
<td class="col0">email_verified</td><td class="col1">boolean</td><td class="col2"></td>
</tr>
<tr class="row13 rowodd">
<td class="col0">gender</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row14 roweven">
<td class="col0">birthdate</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row15 rowodd">
<td class="col0">zoneinfo</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row16 roweven">
<td class="col0">locale</td><td class="col1">string</td><td class="col2">preferredLanguage</td>
</tr>
<tr class="row17 rowodd">
<td class="col0">phone_number</td><td class="col1">string</td><td class="col2">telephoneNumber</td>
</tr>
<tr class="row18 roweven">
<td class="col0">phone_number_verified</td><td class="col1">boolean</td><td class="col2"></td>
</tr>
<tr class="row19 rowodd">
<td class="col0">updated_at</td><td class="col1">string</td><td class="col2"></td>
</tr>
<tr class="row20 roweven">
<td class="col0">formatted</td><td class="col1">string</td><td class="col2">registeredAddress</td>
</tr>
<tr class="row21 rowodd">
<td class="col0">street_address</td><td class="col1">string</td><td class="col2">street</td>
</tr>
<tr class="row22 roweven">
<td class="col0">locality</td><td class="col1">string</td><td class="col2">l</td>
</tr>
<tr class="row23 rowodd">
<td class="col0">region</td><td class="col1">string</td><td class="col2">st</td>
</tr>
<tr class="row24 roweven">
<td class="col0">postal_code</td><td class="col1">string</td><td class="col2">postalCode</td>
</tr>
<tr class="row25 rowodd">
<td class="col0">country</td><td class="col1">string</td><td class="col2">co</td>
</tr>
</table></div> <!-- EDIT10 TABLE [38 - 861] -->
</div> <!-- EDIT9 PLUGIN_INCLUDE_END "documentation:2.0:openidconnectclaims" [0 - ] -->
</div>
<div class="level4">
<p>
So you can define, for example:
</p>
<ul>
<li class="level1"><div class="li">name ⇒ cn</div>
</li>
<li class="level1"><div class="li">family_name ⇒ sn</div>
</li>
<li class="level1"><div class="li">email ⇒ mail</div>
</li>
</ul>
<div class="noteimportant">The special attribute <code>sub</code> is not defined here, but in the "User attribute" parameter (see below).
</div>
<p>
You can also define extra claims and bind them to attributes (see below). You then have to define the mapping of these new attributes, for example:
</p>
<ul>
<li class="level1"><div class="li">birthplace ⇒ l</div>
</li>
<li class="level1"><div class="li">birthcountry ⇒ co</div>
</li>
</ul>
</div>
<h4 id="options">Options</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"><strong>Authentication</strong>:</div>
<ul>
<li class="level2"><div class="li"><strong>Identifier</strong>: client ID of this RP</div>
</li>
<li class="level2"><div class="li"><strong>Password</strong>: secret shared with this RP (can be used for symmetric signature)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"><strong>Display</strong>:</div>
<ul>
<li class="level2"><div class="li"><strong>Display name</strong>: name of the RP application</div>
</li>
<li class="level2"><div class="li"><strong>Logo</strong>: logo of the RP application</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"><strong>User attribute</strong>: session attribute to use as the main identifier (<code>sub</code>)</div>
</li>
<li class="level1"><div class="li"><strong>ID token signature algorithm</strong>: choose between <code>none</code>, <code>HS256</code>, <code>HS384</code>, <code>HS512</code>, <code>RS256</code>, <code>RS384</code>, <code>RS512</code></div>
</li>
<li class="level1"><div class="li"><strong>ID token expiration</strong>: expiration delay of ID tokens</div>
</li>
<li class="level1"><div class="li"><strong>Access token expiration</strong>: expiration delay of access tokens</div>
</li>
<li class="level1"><div class="li"><strong>Redirection addresses</strong>: list of redirect URIs allowed for this RP, separated by spaces</div>
</li>
<li class="level1"><div class="li"><strong>Bypass consent</strong>: enable if you never want to display the scope sharing consent screen (consent will be accepted by default). Bypassing the consent is <strong>not</strong> compliant with the OpenID Connect standard.</div>
</li>
</ul>
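<p>The identifier, the password and the signature algorithm above are what the OP and the RP share when ID tokens are signed symmetrically. As an added example that is not LL::NG code, the following Python mints an HS256 ID token the way an OP would and verifies it the way an RP should, covering the expiration, nonce and access token hash (<code>at_hash</code>) features listed in the presentation. The RP values, the issuer and the <code>mint_id_token</code>/<code>verify_id_token</code> names are constructed for the example; the JWT and <code>at_hash</code> encoding follow the OpenID Connect Core specification.</p>

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample RP configuration (not a real Manager export): the
# "Identifier", "Password", signature algorithm and ID token expiration options.
RP = {"client_id": "sample-rp",
      "client_secret": "constructed-secret-shared-with-sample-rp",
      "alg": "HS256",
      "id_token_ttl": 3600}
ISSUER = "http://auth.example.com/"  # assumed issuer, as in the sample metadata
ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def at_hash(access_token: str, alg: str) -> str:
    """OIDC Core 3.1.3.6: left-most half of the hash (matching the alg) of the access token."""
    digest = ALGS[alg](access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def mint_id_token(rp, sub, access_token, nonce, now=None):
    """OP side: build an HS*-signed ID token with the RP's shared secret."""
    now = int(time.time()) if now is None else now
    header = {"alg": rp["alg"], "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": rp["client_id"],
              "iat": now, "exp": now + rp["id_token_ttl"],
              "nonce": nonce, "at_hash": at_hash(access_token, rp["alg"])}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(rp["client_secret"].encode(), signing_input.encode(), ALGS[rp["alg"]]).digest()
    return signing_input + "." + b64url(sig)


def verify_id_token(token, rp, expected_nonce, access_token, now=None):
    """RP side: pin the algorithm, check the signature, then iss/aud/exp, nonce and at_hash.

    Returns the claims, or raises ValueError on the first failed check.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h64, c64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # The algorithm comes from the RP's own configuration, never from the token:
    # a header claiming "none" or another algorithm is rejected before anything else.
    if header.get("alg") != rp["alg"]:
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(rp["client_secret"].encode(), f"{h64}.{c64}".encode(),
                        ALGS[rp["alg"]]).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != rp["client_id"]:
        raise ValueError("token was not issued for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    if claims.get("at_hash") != at_hash(access_token, rp["alg"]):
        raise ValueError("at_hash does not match the access token")
    return claims


if __name__ == "__main__":
    token = mint_id_token(RP, "dwho", "constructed-access-token", "constructed-nonce")
    print(verify_id_token(token, RP, "constructed-nonce", "constructed-access-token"))
```

<p>The RP never trusts the <code>alg</code> header: it compares it with its own configured algorithm, which is why choosing <code>none</code> in the option above, or accepting it from a token, defeats every other check in the list.</p>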
</div>
<h4 id="extra_claims">Extra claims</h4>
<div class="level4">
<p>
Associate attributes with extra claims if the RP requests them, for example <code>birth</code> ⇒ <code>birthplace birthcountry</code>
</p>
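<p>To show how the exported attributes, the User attribute option and the extra claims fit together, here is an added Python example (not LL::NG's own code) that builds the UserInfo response for a given set of requested scopes: <code>sub</code> is taken from the User attribute rather than the claim table, the standard scopes release the claims OpenID Connect Core section 5.4 assigns to them, and an extra scope such as <code>birth</code> releases only the extra claims bound to it. The session, the mappings and the function name are constructed for the example.</p>

```python
# Constructed sample values, modelled on the mapping examples given on this page.
CLAIM_MAP = {  # exported attributes: claim name => session attribute
    "name": "cn", "family_name": "sn", "given_name": "givenName",
    "email": "mail", "locality": "l", "country": "co",
    "birthplace": "l", "birthcountry": "co",
}
USER_ATTRIBUTE = "uid"  # the "User attribute" option: source of `sub`
EXTRA_CLAIMS = {"birth": ["birthplace", "birthcountry"]}  # extra scope => claims

# Claims released by each standard scope (OpenID Connect Core 1.0, section 5.4);
# address claims are returned nested under a single "address" member.
STANDARD_SCOPES = {
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["formatted", "street_address", "locality", "region",
                "postal_code", "country"],
    "phone": ["phone_number", "phone_number_verified"],
}

# Constructed session, as the LL::NG session store would hold it after login.
SESSION = {"uid": "dwho", "cn": "Doctor Who", "sn": "Who", "givenName": "Doctor",
           "mail": "dwho@example.com", "l": "Gallifrey", "co": "Kasterborous"}


def userinfo_claims(session, scopes, claim_map=CLAIM_MAP, extra=EXTRA_CLAIMS,
                    user_attr=USER_ATTRIBUTE):
    """Return the claims the UserInfo endpoint should release for the requested scopes.

    A claim is released only when a granted scope covers it and a session
    attribute is mapped to it; anything else stays out of the response.
    """
    granted = set(scopes.split())
    if "openid" not in granted:
        raise ValueError("the openid scope is required")
    out = {"sub": session[user_attr]}

    def fill(target, claim):
        attr = claim_map.get(claim)
        if attr and attr in session:
            target[claim] = session[attr]

    for scope in granted - {"openid"}:
        if scope == "address":
            address = {}
            for claim in STANDARD_SCOPES["address"]:
                fill(address, claim)
            if address:
                out["address"] = address
        elif scope in STANDARD_SCOPES:
            for claim in STANDARD_SCOPES[scope]:
                fill(out, claim)
        elif scope in extra:
            for claim in extra[scope]:
                fill(out, claim)
        # Unknown scopes are ignored, never echoed back or expanded.
    return out


if __name__ == "__main__":
    print(userinfo_claims(SESSION, "openid profile email birth"))
```

<p>Note that <code>locality</code> and <code>birthplace</code> both map to the LDAP attribute <code>l</code>, yet an RP granted only <code>birth</code> sees <code>birthplace</code> and not the <code>address</code> block: the scope, not the underlying attribute, decides what leaves the OP.</p>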
</div> <!-- EDIT7 SECTION "Configuration of Relying Party in LL::NG" [3525 - ] -->
</div>
</body>
</html>