diff --git a/Makefile b/Makefile
index 9d36c680a..e63820dce 100644
--- a/Makefile
+++ b/Makefile
@@ -353,6 +353,7 @@ install_portal_site: install_conf_dir
@cp -pR -f ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
@cp -pR -f ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
@cp -pR -f ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
+ @cp -pR -f ${SRCPORTALDIR}/example/openid-configuration.pl ${RPORTALDIR}
@cp -pR -f ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
@cp -pR -f ${SRCPORTALDIR}/example/register.pl ${RPORTALDIR}
@tar -cf - -C ${SRCPORTALDIR}/example/skins/ $$(ls ${SRCPORTALDIR}/example/skins/) |tar -xf - -C $(RPORTALSKINSDIR)
@@ -653,6 +654,7 @@ debian-diff:
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/index.pl ||true
@$(DIFF) lemonldap-ng-portal/example/mail.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/mail.pl ||true
@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/metadata.pl ||true
+ @$(DIFF) lemonldap-ng-portal/example/openid-configuration.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/openid-configuration.pl ||true
@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/cdc.pl ||true
@$(DIFF) lemonldap-ng-portal/example/register.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/register.pl ||true
@# Handler
@@ -685,6 +687,7 @@ default-diff:
@$(DIFF) lemonldap-ng-portal/example/mail.pl $(LMPREFIX)/htdocs/portal/mail.pl ||true
@$(DIFF) lemonldap-ng-portal/example/register.pl $(LMPREFIX)/htdocs/portal/register.pl ||true
@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(LMPREFIX)/htdocs/portal/metadata.pl ||true
+ @$(DIFF) lemonldap-ng-portal/example/openid-configuration.pl $(LMPREFIX)/htdocs/portal/openid-configuration.pl ||true
@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(LMPREFIX)/htdocs/portal/cdc.pl ||true
@# Handler
@$(DIFF) lemonldap-ng-handler/lib/Lemonldap/NG/Handler /usr/local/share/perl/$(PERLVERSION)/Lemonldap/NG/Handler ||true
diff --git a/_example/etc/portal-apache.conf b/_example/etc/portal-apache.conf
index 1ba5fe049..74348a9f1 100644
--- a/_example/etc/portal-apache.conf
+++ b/_example/etc/portal-apache.conf
@@ -75,6 +75,7 @@
RewriteEngine On
RewriteRule ^/oauth2/.* /index.pl
+ RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
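Review bot: The `.` in front of `well-known` in the added rule is an unescaped regex metacharacter, so the pattern accepts any character in that position instead of only the literal discovery path. Escaping it keeps the public mapping to the script as narrow as intended: `RewriteRule ^/\.well-known/openid-configuration$ /openid-configuration.pl`. The same rule is added verbatim in portal-apache2.4.conf and portal-apache2.conf and should get the same change. The enclosing vhost block is outside these hunks, so whether any access control applies to the rewritten target cannot be checked from here.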
diff --git a/_example/etc/portal-apache2.4.conf b/_example/etc/portal-apache2.4.conf
index c072de6f7..9a2b5a9dd 100644
--- a/_example/etc/portal-apache2.4.conf
+++ b/_example/etc/portal-apache2.4.conf
@@ -69,6 +69,7 @@
RewriteEngine On
RewriteRule ^/oauth2/.* /index.pl
+ RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
diff --git a/_example/etc/portal-apache2.conf b/_example/etc/portal-apache2.conf
index fe398d9da..a9dac7ffb 100644
--- a/_example/etc/portal-apache2.conf
+++ b/_example/etc/portal-apache2.conf
@@ -74,6 +74,7 @@
RewriteEngine On
RewriteRule ^/oauth2/.* /index.pl
+ RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index e20ee3ed5..f0897604e 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -8,6 +8,7 @@ example/index_skin.pl
example/mail.pl
example/metadata.pl
example/oauth2.pl
+example/openid-configuration.pl
example/PortalStatus.pl
example/register.pl
example/scripts/buildPortalWSDL
diff --git a/lemonldap-ng-portal/example/openid-configuration.pl b/lemonldap-ng-portal/example/openid-configuration.pl
new file mode 100755
index 000000000..479cafd12
--- /dev/null
+++ b/lemonldap-ng-portal/example/openid-configuration.pl
@@ -0,0 +1,56 @@
+#!/usr/bin/perl
+
+use Lemonldap::NG::Portal::SharedConf;
+use JSON;
+use strict;
+
+my $portal = Lemonldap::NG::Portal::SharedConf->new();
+
+my $issuerDBOpenIDConnectPath = $portal->{issuerDBOpenIDConnectPath};
+my $authorize_uri = $portal->{oidcServiceMetaDataAuthorizeURI};
+my $token_uri = $portal->{oidcServiceMetaDataTokenURI};
+my $userinfo_uri = $portal->{oidcServiceMetaDataUserInfoURI};
+
+my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
+my $issuer = $portal->{oidcServiceMetaDataIssuer};
+
+# Create OpenID configuration hash;
+my $configuration = {};
+$configuration->{issuer} = $issuer;
+$configuration->{authorization_endpoint} =
+ $issuer . $path . "/" . $authorize_uri;
+$configuration->{token_endpoint} = $issuer . $path . "/" . $token_uri;
+$configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
+
+# MANDATORY # $configuration->{jwks_uri}
+# RECOMMENDED # $configuration->{registration_endpoint}
+$configuration->{scopes_supported} = [qw/openid profile email address phone/];
+$configuration->{response_types_supported} = [
+ "code",
+ "id_token",
+ "id_token token",
+ "code id_token",
+ "code token",
+ "code id_token token"
+];
+
+# $configuration->{response_modes_supported}
+$configuration->{grant_types_supported} =
+ [qw/authorization_code implicit hybrid/];
+
+# $configuration->{acr_values_supported}
+# REQUIRED # $configuration->{subject_types_supported}
+$configuration->{id_token_signing_alg_values_supported} =
+ [qw/none RS256 RS384 RS512/];
+
+# $configuration->{id_token_encryption_alg_values_supported}
+# $configuration->{id_token_encryption_enc_values_supported}
+# $configuration->{userinfo_encryption_alg_values_supported}
+# $configuration->{userinfo_encryption_enc_values_supported}
+# $configuration->{request_object_signing_alg_values_supported}
+# $configuration->{request_object_encryption_alg_values_supported}
+
+my $json = encode_json $configuration;
+
+print $portal->header('application/json; charset=utf-8');
+print $json;
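Review bot: `id_token_signing_alg_values_supported` advertises `none` alongside response types that return an ID token from the authorization endpoint, so a relying party that configures itself from this document may conclude that unsigned ID tokens are acceptable. Unless the portal really issues them only for the pure code flow (not visible in this file), publish `[qw/RS256 RS384 RS512/]`. `grant_types_supported` also lists `hybrid`, which is a flow name and not an OAuth 2.0 grant type value; `[qw/authorization_code implicit/]` matches what the discovery spec expects. The document is served without `jwks_uri` and `subject_types_supported`, which the comments themselves mark as mandatory, so strict clients will reject it and others cannot find the keys to verify RS* signatures. The endpoint URLs are built as `$issuer . $path . "/"` with no separator between issuer and path and no check that the `(\w+)` match succeeded, so a comment stating that the issuer must end in `/`, or a guard on an undefined `$path`, would help.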