Typos & Doc
parent
9550230dd4
commit
f66fcc9ee8
|
@ -256,6 +256,4 @@ Options
|
|||
with ``verify_hostname => 0`` and ``SSL_verify_mode => 0``.
|
||||
|
||||
|
||||
Go to:
|
||||
|
||||
``General Parameters > Advanced Parameters > Security > SSL options for server requests``
|
||||
Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``
|
|
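Review bot: The context line ending ``verify_hostname => 0`` and ``SSL_verify_mode => 0``, directly above the merged "Go to:" sentence, carries no caution in the lines visible here. Both values turn off TLS certificate checking for the server requests this menu path configures, so if the surrounding paragraph does not already say it, this is the place to state that the setting is for test setups and that adding the issuing CA to the trust store is the preferred fix. Joining "Go to:" and the menu path onto one line is fine.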
@ -162,7 +162,7 @@ Exported attributes
|
|||
|
||||
.. warning::
|
||||
|
||||
By default, only `standard OpenID Connect claims <http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>`__ are visible to applications. If you want to add non-standard attributes, you must create a new scope in the *Scope values content* section and make your application request it
|
||||
By default, only `standard OpenID Connect claims <http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>`__ are exposed to applications. If you want to add non-standard attributes, you must create a new scope in the *Scope values content* section and make your application request it.
|
||||
|
||||
For each OpenID Connect attribute you want to release to applications, you can define:
|
||||
|
||||
|
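Review bot: The link target in the rewritten warning sentence still uses plain ``http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims``; since the line is being touched anyway, switch it to ``https://``. The change from "visible" to "exposed" and the added full stop read well; "make your application request it" could also become "have your application request it".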
@ -281,8 +281,8 @@ Options
|
|||
sharing consent screen (consent will be accepted by default).
|
||||
Bypassing the consent is **not** compliant with OpenID Connect
|
||||
standard.
|
||||
- **User attribute**: session field that will be used as main
|
||||
identifier (``sub``)
|
||||
- **User attribute**: Session field that will be used as main
|
||||
identifier (``sub``). Default value is ``whatToTrace``.
|
||||
- **Force claims to be returned in ID Token**: This options will
|
||||
make user attributes from the requested scope appear as ID Token
|
||||
claims.
|
||||
|
|
|
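Review bot: The unchanged line right after the edited **User attribute** item still reads "This options will make user attributes ...", which is the kind of typo this commit sets out to fix; change it to "This option will". In the edited item itself, "will be used as main identifier" wants an article ("as the main identifier"), and it would help to say in a few words what ``whatToTrace`` refers to, since the new default is given without explanation.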
@ -35,13 +35,12 @@ values unless you have a specific need to change them.
|
|||
Authentication context
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
You can associate here an authentication context to an authentication
|
||||
level.
|
||||
You can associate here an authentication context to an authentication level.
|
||||
|
||||
Security
|
||||
~~~~~~~~
|
||||
|
||||
- **Keys** : define public/private key pair to do asymmetric signature. A JWKS
|
||||
- **Keys**: Define public/private key pair to do asymmetric signature. A JWKS
|
||||
``kid`` (Key ID) is automatically derived when generating new keys.
|
||||
- **Dynamic Registration**: Set to 1 to allow clients to register
|
||||
themselves. This may be a security risk as this will create a new
|
||||
|
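Review bot: The rewritten **Keys** item, "Define public/private key pair to do asymmetric signature", is still ungrammatical after the colon and capitalisation fix; suggest "Define the public/private key pair used for asymmetric signatures". In the joined sentence under "Authentication context", "associate ... to an authentication level" should be "associate ... with an authentication level", and "here" can be dropped.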
@ -93,9 +92,8 @@ is registered through the ``/oauth2/register`` endpoint:
|
|||
Key rotation script
|
||||
-------------------
|
||||
|
||||
OpenID Connect specification let the possibility to rotate keys to
|
||||
improve security. LL::NG provide a script to do this, that should be put
|
||||
in a cronjob.
|
||||
OpenID Connect specifications allow to rotate keys to improve security.
|
||||
LL::NG provides a script to do this, that should be used in a cronjob.
|
||||
|
||||
The script is ``/usr/share/lemonldap-ng/bin/rotateOidcKeys``. It can be
|
||||
run for example each week:
|
||||
|
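Review bot: The new opening sentence of "Key rotation script", "OpenID Connect specifications allow to rotate keys", is not correct English, because "allow" needs an object; suggest "The OpenID Connect specifications allow key rotation to improve security." In the following line, "a script to do this, that should be used in a cronjob" reads better as "a script for this, which should be run from a cron job". The unchanged line "It can be run for example each week" could take commas around "for example".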
@ -107,7 +105,7 @@ run for example each week:
|
|||
|
||||
.. tip::
|
||||
|
||||
Set the correct Apache user, else generated configuration will
|
||||
Set the correct Web server user, else generated configuration will
|
||||
not be readable by LL::NG.
|
||||
|
||||
Session management
|
||||
|
|
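Review bot: In the rewritten tip, "Set the correct Web server user" does not say where that user is set; if it means the user field of the cron entry that precedes the tip, say so, since the point of the tip is the ownership of the files the script generates. Generalising "Apache" is a good change, but "Web server" should be lower case mid-sentence, and "else generated configuration will" reads better as "otherwise the generated configuration will".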