<ahref="https://doc.integ01.dev-franceconnect.fr/"class="urlextern"title="https://doc.integ01.dev-franceconnect.fr/"rel="nofollow">France Connect</a> is an authentication platform made by French government.
</p>
<divclass="noteimportant">It is for the moment only in BETA stage. This documentation will explain how to configure <abbrtitle="LemonLDAP::NG">LL::NG</abbr> with the developer reserved space.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [83-383] -->
<h2class="sectionedit3"id="register_on_france_connect">Register on France Connect</h2>
<divclass="level2">
<p>
Once <ahref="openidconnectservice.html"class="wikilink1"title="documentation:2.0:openidconnectservice">OpenID Connect service</a> is configured, you need to register to France Connect.
</p>
<p>
Use the following form: <ahref="https://doc.integ01.dev-franceconnect.fr/inscription"class="urlextern"title="https://doc.integ01.dev-franceconnect.fr/inscription"rel="nofollow">https://doc.integ01.dev-franceconnect.fr/inscription</a>.
</p>
<p>
You need to provide the callback URLs, for example <ahref="https://auth.domain.com/?openidcallback=1"class="urlextern"title="https://auth.domain.com/?openidcallback=1"rel="nofollow">https://auth.domain.com/?openidcallback=1</a>.
</p>
<p>
You will then get a <code>client_id</code> and a <code>client_secret</code>.
</p>
</div>
<!-- EDIT3 SECTION "Register on France Connect" [384-770] -->
<h2class="sectionedit4"id="declare_france_connect_in_your_llng_server">Declare France Connect in your LL::NG server</h2>
<divclass="level2">
<p>
Go in Manager and create a new OpenID Connect provider. You can call it <code>france-connect</code> for example.
</p>
<p>
Click on <code>Metadata</code> and set manually the metadata of the service, using <ahref="https://doc.integ01.dev-franceconnect.fr/fournisseur-service"class="urlextern"title="https://doc.integ01.dev-franceconnect.fr/fournisseur-service"rel="nofollow">France Connect endpoints</a>. For example:
You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key <code>client_secret</code>.
</p>
<p>
Go in <code>Exported attributes</code> to choose which attributes from “identité pivot” you want to collect. See <ahref="https://doc.integ01.dev-franceconnect.fr/identite-pivot"class="urlextern"title="https://doc.integ01.dev-franceconnect.fr/identite-pivot"rel="nofollow">https://doc.integ01.dev-franceconnect.fr/identite-pivot</a>
</p>
<p>
Now go in <code>Options</code>:
</p>
<ul>
<liclass="level1"><divclass="li"> In <code>Configuration</code>, register the <code>client_id</code> and <code>client_secret</code> given by France Connect</div>
</li>
<liclass="level1"><divclass="li"> In <code>Protocol</code>, adapt the <code>scope</code> to the exported attributes you want. See <ahref="https://doc.integ01.dev-franceconnect.fr/fs-scopes"class="urlextern"title="https://doc.integ01.dev-franceconnect.fr/fs-scopes"rel="nofollow">https://doc.integ01.dev-franceconnect.fr/fs-scopes</a></div>
</li>
<liclass="level1"><divclass="li"> In <code>Display</code>, you can set the name and the logo</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Declare France Connect in your LL::NG server" [771-] --></div>