From c3f26e31c17a1b8654df8864424f7b07d5d4fbb2 Mon Sep 17 00:00:00 2001 From: Paul Curie Date: Fri, 18 Jun 2021 15:48:39 +0200 Subject: [PATCH] documentation publik oidc --- .../admin/applications/logo-publik.png | Bin 0 -> 6986 bytes doc/sources/admin/applications/publik.rst | 53 ++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 doc/sources/admin/applications/logo-publik.png create mode 100644 doc/sources/admin/applications/publik.rst diff --git a/doc/sources/admin/applications/logo-publik.png b/doc/sources/admin/applications/logo-publik.png new file mode 100644 index 0000000000000000000000000000000000000000..50ee7ec1123af1ea34ecf937bb47375357c231df GIT binary patch literal 6986 zcmZvBbyQSe)b`L_Lw7i&q;yHmz|bJw4I&I7A)!b!BOyblASo@wc5Fo~mE8Ri|`7>-MKF@*{PT6rSd4_HI{Vd0ruE^6R< zfkN-2u;ogX+%L~XsNznOC4eyN*GxUIsfHcSl&D^9RFMo9blWCIGPdNNM{{Rmb35#6 zPjG#?-zy@ZrR`UjcajtzLobLksqyF@)&#rMut|EP!WN*JWLLe$N3 zo^0$A#Hz@I6ka#wDD_O%Xbq{qHlzHm3h2-Pfv*Tex&CU(J4*x9K^@PN?lF6n)PCs? zOapGBpwLMdVXrn#vu^+(SJGYy+>=k{5QaAvO*-|1M?+=p5r?^!>o7gt~;I%4uS~=#B$+1h|L7WD8Cl^?A7O zB`4SYkDdu;ZVguw7?cC))eE(i2}Q6BP5C}oNSk7qPZR+Xxcv5Ig3Bk1cx6!;<7Kf1 z5ee))#mz7%(TOqkR9>)QkTG2I0s|4?aJd4n$lG%~D~$@Q1IDJpH|rM|Lv1=%zSQuN zEA^4d3%pX>K0zD5ptrR1zkYEF01<~_^bdP(A1T(~@CpQDcgfH@MH&=n<(=rTZ{gbFa_^yG7DOHSq_U5b^~ko>cKd6=1;mUrRqd z12tm7J=CiQ_7;lY%&-^9@+b3Yo!c?=LYnP%I-Y3=THCbYzB#h{9ZVKsQOIkd>xzU1 ztlh)bd;pSw=GBsu$6pTJ+OLHHX-Oxl3pP#mdy%pRogb2*AYjj%cu7`){N$!7EjKz{GtMGu%UdVmt6qFaVRv@GH!`=CzP8j0tlf0RzBfeJMiz}~ z<8M)n96Vdh&{}{w#y++KBSi<5wm}8U%~@mB&=duYR*TPTD&#sd<@4cAJjS%wbF5Ch zB#1y;IkU7n_rSoVsWv<;WRWgoOs$&`7GVEwRTTd8r0MCn!2(5BLu@ooJ`-~CWZ{EK zBX}ix)g%{zBZ+ORl`vAo7>=mY-A$sf*c9WH4ff_xkeiS|9xm z0_kF~_)$^p>;X2;u@ET$QvyZ1E!h!ed)>f}0PsBg9&USvbqxs3burAp>sTi1na8z2 z1V*P4(>0sB+>JZ2pH!?Z#$W+H3#;Wc3Pm=3y=6@NbuggUo$-zE-kJvZo{H6HoT6+I zuHP?X9}*V|z9`HY@6OXuwucQlinzirvG_(PFqvi3Q#0OScJUGj{H-oRfZ~z(_)e^= znA||ym7A62+;1bwBQtI&UBKY3^D-Zn30}j@4yQE7TjA>tg7ffR{N9_xKE31kFNw`k z^p(l?s_1N?RA#-)qW2FDG{k(kZ{@WgkFe-vlpn3I?l=eHrv7!$7V2CFjl5>6&SAYv9CPbi?tgl=)k{|7`SV!4l5~;gTn*G(Fn+9Hd%@7pS2SxaY802; zZWqh{`F=5+_Z5=@72n_K{WdlB)9Vr9D{m{(@}kS1hGNAPQZM`{63ne4E3cP>Db=hW zNa8Hsa`ykQMv9%fmtEueZ&&pnw*P>8T=%qzR<}^C&)6UydHglLbO809xTst_Qr^** zBMeNaq*UE$y{MN`FDiY>NgI8blc5TGAX%|w9a1nfe0>lmb8^|~b5HF!sz74)M_1*z zvQR!5Pv=7@ihh9IXUjXHk>p9IJawjMg33)9Wt$oZQ<>dXmVyuCwpiAfD)by+EIh3Y z=(4qC4u$8X(+>&_S^KLKUQ*&7%V1oJPAhZpV;vKR(&QcGbsn(^K#f*YHsF+E;AKp& z^7k7xWsyE6AzTa_bfU-5I&wrpkR{6>gStMTFHak-ukdhYZGnBo@0Xe5;s$-qq0!VH z22CQd@T)_PN;3<@kt;9P9=90D2eo~qF~P3e84fG^XRk7jZk&X*L#Q%>25^4f6moo z#gCB}xGf&@(^Rhy*C}aRk#KtI^EGzo#dQ_4YG|sCGWcOjmBahAjB-3;@Q<*QediOW z#Y}f^di=fDiTGH)n$0@=>8x7VD;%)_bL+35+brZ*8Y$Q)k;_DtiO%uQUO20l64enne ze#goDI@~?$EHre0`tXwuue&MgDFjsK?5_ys>ZlV;>w|NkYHW$G^p3W5{p(Q{^5@rAgS^X zHjdrrE4q;Flyowz1!|n>V291!#4n_(PKxxR#KWIZ-?@@(LT>AvO{@9q39z-8%ipoF z`G&^?7qT^Mss!W}NV#m%oO~$4-I;IZ9hPO`wV*zoG7wx z3h4egAbH*_TB1!KMWG;Hx*q&Cfb1aq=Dz&hQeZ_)0;C|KgXYeK*oni=wo5I^me9n8 zv*$?TOP>?^8OM7+>HIDs|5T4Ve*YT!=8S?a@LS72#m`A;wHU&UgW{)bBJ*)n=*rhT zyoEnY{(uPUIdX`=;gOkYEp1Pwgo`YqUE?ZV^K2r(NkeQs-F?u(yKYw8-5B2y;k^CE zp72mBUcC{l-=>-c0f|Fz(>CGH19PubY-m4i7VCb#JQWAXjGg@EMWdCd{#X_)0Ql*m zyy=qrc;8c3EYs$?!5Zg*OGMT$Ie&6g6)2s# z0wivRo`MyA&bs}YzHBNuPu0cqlf9Onbx^d-#z7ZNt`*H{jgsR9D~rBAUv`mYiX2YK zeM0~pf0*TuKYXJ~VO|{padWei_*0|m_Qd!|;XQ>D=$E%zxufuk{Go5d(tOkm5bnhd zWRWY1#{EmJ{hWj2kXHXqnj}Ao=p;$VP?1=@d*^<6{ark#W5z?rO8I$>i$~JJx*fc-LxNC}yFxm-4+fWUJr$Pxw%5y4gJrUt78lWiI=?Xg8?;H%^y~EXEdAbxw?87<@XAo zQ}=hsHs+qso!Y7=G;@*nwH8DefV=BYCC~ z;9KT|*Y{R6iZ%2MUh;sjL+h+jp6O85w5VPN=6V)Ai3YX${zqz#I0pob< zateL=(Cf_U_hy;&o(=Vl&pl{ZBUlASt!bF2yBjc-yPl{y63==)p+XgR$kqV#NLJ=C z8nkwMtBTo0n7aL*4q>m}6zdKj%3UF_0aFCcbdj;*&qL>_XwQykw~s9$-=8z|Z2i+c8qPL>HWw&DJSt zPDH5$vsdiNNr@}(f=*KQry{;L>_GMtN&@*vpnZ=NyM*%cuvdtk#Yj!ZF`rJG%Mnnq z$?gA1HUso8v@5iT)!){GCh!D3$!7~3;t{3UD&6ax?A~SjQ!3fedAh61F_i+V+EdX< zfWmg?MSQ&kapLO>N{2C(;K)nk@7=$-J4hj?hdnnrph==-BZUJ7;rrjoT0QdduIj|r z9Il)NM<(B6P3~m%3y&a|hfB4y#z&&hFjmNmJYg zM=csbypQupcRwfRW}SAt^UA{_n9Qc5eY%>qe)OgREpcDdv5s3KZ{^89%<>-8;x#SKwEWFtz_?GYqm3kER-;d4 zR38{gD5P7x0}mAiB=Hd9>Jiz>U@a&$f3{ypdV6MQTr{DE+CQ2SF<#z(QF~ee-q=&+ zO-&)I`bJIBHJYD16yo(>`A1U*E4Ut|BH`>){A*7)1>U&O-}fMZrVqGl-@s_(z4{xZ z?Zbz?44#wD#x}o8XL+ou{7t%7i~{9=@mt2>RaQ7zM86XX}BMrb>DQn1qlY;{Ra}5300@xE_vAcucFt~;i5g7>{|IBC~5X;b#f}jl*feDi%Ko|rF z&^IY~1pC35(Z}aEyns{LrS0zt|M-}*)HXKX=bv!&viF@*Y0&18ARqw&!GHV>dMEo& z{&hoB1c`}>U=DV6G>xE)7T~|G|69O#xEnJK1qB>TPhZnbKBp4uyee?VAwVc4VEnvW zn4c$v=qG;oAZVdzKaroG4?x8sD7o!_lp8%`<077`BoWozA>%-0isD^gU#pnoMvomX z(!ZTCv9@L*BqRhO&m_w$DwM!qUXe;D1i+ij#29cWKDNr-3kO5=yHP4xS{q+gfxxG= zA$LJ)no)3a1h@#2RGA^}MpL4jC)gl`5y*+v?B_58a=?Os-=XM%$S>|_Aj2?1#9Y+_kO09lo(BqM@^t#n_ z(9C*dmGsRI^CU~ZwVM6tnpJ320(unOSYPk!s;7dFz`Z^F^T#3Hg{S(&1wU}15oWbq zOZaP%w|%%9RjW{V3yyp)_AXYaQ%VqKvCvhGr*9-)?Y>3os^cP1QN7oALS$rwOi!QP zyk2bap&-Ux-*sxQDSu)4^FSt3sb?m^Q_VU0S=KsUYHDi2FG?2r%}u-Qv0QJMBTT`kbMkjrbtQ%J+-`JB)zaC-EenN`eu~tZ7#W?jykAmSCIEF{ zmsV?5N}NegC+T5nX+eK3aVg88%tr22|0H>gL&WrZLex@-&&W3qFs<@R?yF@CioWd zj{MNUZE0!ocC@e86=P^%t|iHQB047b2i5#)^uVrRG48Sw=GNdW+qIgr~}vSPu+%xvd{ z*%?(<38xlEw4b9Smc!uK3yKTu{-zf%UaUc}0mfD4QHzU~CLIzMD*gv=k5|6ViTcP* zR*`X*N2s>Rq>7Zmdyhxs9~!v~UDkteY-3|%VcL+2Boh;pfe^_>Qs={|6&;T#=1S}h z2?m+Wau2_zo&<8#hSTNJcHY}%k-YNq@<@CAXl2e}@_zX@{AZ%XM@a7=uC7*ROA|&F=WYp6QVlT%IU|~a9w%8!!7K6L}8w^QDC~C3YadI|ykXI^Ki+P?D0)Y?=m;kF(EG!tqzvjEh z$0vAhmuCvZ?e4y)Z)%Ewuh~EHchWEv3Uc)3q(stv)vc(RW2Pfi2J`Uq`}z`~w(?pi z=d`minGH&}6wRKnQKa|inM(fZKo?X|m$9=0bF;fY%RD1zJJWwr93s1R{Gwh-Wq#$$ zd%@B7S+#cGqD`%G=ZBbX8zQ7bt@QM485wK)3oBb?ir~G!Z~NB->cR=w^-N9Ys^T5` zWpI4}Gg?$zEhk%BTNw`-d3mgl>e2O+ii)aN>w8>WT+tWs7AlictB~miz;QDfBy7| z$D>2dz#y4>hv8xAYqrq%{8{5`&- zmzFkPkm&vlk?F{OV}Gxu%b!+im7T?{`>J0OH9&2!wa()wxyza2ZfOVZS<<;Jg8pIB zZ7-V}8m<|)8c00$K&=%qGd~7(+(c2J=M7YgyKdIm_9o-D!oPQ%IiGntFe42ZvqzkN zylQID(t$~{(IEUF#YRdM6%`JX&)u-NcQ1{MjSEUjxEh(3Zv@&*QPCuf_SYFEfxE2< z=h_Z}fH(W_G>@s?21M%tCelT{|9^} BJGcM< literal 0 HcmV?d00001 diff --git a/doc/sources/admin/applications/publik.rst b/doc/sources/admin/applications/publik.rst new file mode 100644 index 000000000..be4c342e8 --- /dev/null +++ b/doc/sources/admin/applications/publik.rst @@ -0,0 +1,53 @@ +Publik +======= + +|image0| + +Presentation +------------ + +Publik is an open-source citizen relationship management tool. + +See `the official Publik website `__ for a +complete presentation. + +It feature an OpenID Connect login that work with LemonLDAP::NG. + +Configuring Publik +------------------- + +Connect to your publik instance authentic2 webui with an Admin user, in the admin panel, go to "Authentic2_Auth_Oidc" › "Oidc providers". + +Click on "Add Oidc Provider". + +* Nom : LemonLDAP SSO +* Identifiant court : lemonldap +* Émetteur : https://auth.example.com/ +* client id : clientid +* client secret : secret +* authorization endpoint : https://auth.example.com/oauth2/authorize +* token endpoint : https://auth.example.com/oauth2/token +* userinfo endpoint : https://auth.example.com/oauth2/userinfo +* end session endpont : https://auth.example.com/oauth2/logout +* WebKey JSON : Copy/Paste the content of https://auth.example.com/oauth2/jwks +* Claims Enabled : yes +* Show on connection page : yes + +Strategy and Collectivity can be configured based to your needs. + +OIDC Claim mappings can be configured based on your needs. + +Configuring LemonLDAP +~~~~~~~~~~~~~~~~~~~~~ + +We now have to configure LemonLDAP::NG to recognize publik as a valid OIDC relying party. + +Add a :doc:`new OpenID Connect relying party<..//idpopenidconnect>` +with the following parameters (Options -> Basic) : + +* **Client ID**: the same you set in Publik configuration. +* **Client Secret**: the same you set in Publik configuration. +* **Allowed redirection addresses for login**: The "Callback URL" for authentic2 : https://authentic2-instance/accounts/oidc/callback/ + +.. |image0| image:: /applications/logo-publik.png + :class: align-center