<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr"
 lang="fr" dir="ltr">

<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title><!-- metadata --><!-- style sheet links -->

<meta name="generator" content="Hors ligne" />
<meta name="version" content="Hors-ligne 0.1" />

<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">

<h1 class="sectionedit1" id="google">Google</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> ✔ </td><td class="col1 centeralign"> ✔ </td><td class="col2"> </td>
</tr>
</table></div><!-- EDIT2 TABLE [23-86] -->

</div><!-- EDIT1 SECTION "Google" [1-87] -->

<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">

<p>
Google allows applications to reuse its own authentication process through the <a href="http://fr.wikipedia.org/wiki/OpenID" class="urlextern" title="http://fr.wikipedia.org/wiki/OpenID" rel="nofollow">OpenID</a> protocol (this means that if a user is logged in to Google, other applications can trust Google and accept the user).
</p>

<div class="notewarning">OpenID 2.0 support has been closed since 20th April 2015. If you still need to use Google login after this date, use the <a href="../../documentation/1.9/authopenidconnect.html" class="wikilink1" title="documentation:1.9:authopenidconnect">OpenID Connect authentication module</a>.
</div>

</div><!-- EDIT3 SECTION "Presentation" [88-544] -->

<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">

<p>
In the Manager, go to <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Google as the authentication module. The email address is used as the account name (for traceability, the session explorer, …). To access the other data, use Google in <code>General Parameters</code> &gt; <code>Authentication modules &gt; Users module</code>. Then, in the “exported variables”, you can only request:
</p>
<ul>
<li class="level1"><div class="li"> country</div>
</li>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> firstname</div>
</li>
<li class="level1"><div class="li"> language</div>
</li>
<li class="level1"><div class="li"> lastname</div>
</li>
</ul>

<p>
Use any key name, but only these values in the “value” field. If you want to require that a field be set, add “!” before the key name:
</p>
<ul>
<li class="level1"><div class="li"> “myfield ⇒ firstname” can be “”</div>
</li>
<li class="level1"><div class="li"> “!myfield ⇒ lastname” must be set</div>
</li>
</ul>
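
<p>
The mapping rules above, as an added Python example (not LemonLDAP::NG code): it checks that every requested value is one of the five attributes listed and applies the “!” prefix. The function names, the sample mapping and the choice to reject the login when a required field is unset are assumptions.
</p>

```python
# Added example; all names are hypothetical, not LemonLDAP::NG identifiers.
GOOGLE_ATTRIBUTES = {"country", "email", "firstname", "language", "lastname"}


class ExportedVarsError(ValueError):
    """The mapping is invalid or the provider's answer does not satisfy it."""


def parse_exported_vars(mapping):
    """Return {name: (attribute, required)} after validating each entry."""
    parsed = {}
    for key, value in mapping.items():
        required = key.startswith("!")
        name = key[1:] if required else key
        if not name:
            raise ExportedVarsError("empty key name")
        if value not in GOOGLE_ATTRIBUTES:
            raise ExportedVarsError(f"{key}: {value!r} cannot be requested from Google")
        if name in parsed:
            raise ExportedVarsError(f"{name} is defined twice")
        parsed[name] = (value, required)
    return parsed


def build_session(mapping, returned):
    """Apply the mapping to the attributes returned by the provider."""
    session, missing = {}, []
    for name, (attribute, required) in parse_exported_vars(mapping).items():
        value = returned.get(attribute, "")
        if required and not value:
            missing.append(name)
        session[name] = value  # optional fields may stay ""
    if missing:
        # Assumption: an unset required field rejects the login (fail closed).
        raise ExportedVarsError("required fields not set: " + ", ".join(sorted(missing)))
    return session


# Constructed sample mapping in the page's "key => value" form.
SAMPLE_MAPPING = {"myfield": "firstname", "!surname": "lastname", "mail": "email"}

if __name__ == "__main__":
    print(build_session(SAMPLE_MAPPING, {"email": "jdoe@example.com", "lastname": "Doe"}))
```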

<p>

See also <a href="../../documentation/1.9/exportedvars.html" class="wikilink1" title="documentation:1.9:exportedvars">exported variables configuration</a>.

</p>

<div class="noteimportant">A persistent session is created with this module to store the attribute values returned by Google. If this session is lost, Google will ask again for confirmation of each requested attribute.
</div>

</div><!-- EDIT4 SECTION "Configuration" [545-1491] -->

<h2 class="sectionedit5" id="google_migration">Google Migration</h2>
<div class="level2">

<p>

A Google Migration workaround has been available since LemonLDAP::NG 1.4.4. It provides a specific and lightweight OpenID Connect module that will replace the current Google module.

</p>

<div class="noteimportant">This module is not available in version 1.9 and later; use the <a href="../../documentation/1.9/authopenidconnect.html" class="wikilink1" title="documentation:1.9:authopenidconnect">OpenID Connect authentication module</a> instead.
</div>

<p>

To use it, edit lemonldap-ng.ini (this is not available through the Manager) and configure:

</p>
<pre class="code file ini"><span class="re0"><span class="br0">[</span>portal<span class="br0">]</span></span>
<span class="re1">authentication</span> <span class="sy0">=</span><span class="re2"> GoogleMigration</span>
<span class="re1">googleClientId</span> <span class="sy0">=</span><span class="re2"> XXXX</span>
<span class="re1">googleClientSecret</span> <span class="sy0">=</span><span class="re2"> XXXX</span></pre>

<p>

You need to register your LemonLDAP::NG application with Google in order to obtain the Client ID and the Client Secret; see <a href="https://developers.google.com/" class="urlextern" title="https://developers.google.com/" rel="nofollow">https://developers.google.com/</a>.
</p>

<p>

You also need to register the redirect <abbr title="Uniform Resource Identifier">URI</abbr> with Google. Set it to your portal <abbr title="Uniform Resource Locator">URL</abbr> with the googlecb=1 GET parameter, for example:

</p>
<pre class="code">http://auth.example.com/?googlecb=1</pre>

</div>
</div><!-- closes <div class="dokuwiki export">--></body></html>