lemonldap-ng/doc/pages/documentation/current/authgoogle.html
Clément Oudot a38386f0cd New doc
2016-10-15 17:57:04 +00:00


<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authgoogle</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authgoogle"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authgoogle.html"/>
<link rel="contents" href="authgoogle.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authgoogle","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#google_migration">Google Migration</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="google">Google</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [23-86] -->
</div>
<!-- EDIT1 SECTION "Google" [1-87] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
Google allows applications to reuse its own authentication process through the <a href="http://en.wikipedia.org/wiki/OpenID" class="urlextern" title="http://en.wikipedia.org/wiki/OpenID" rel="nofollow">OpenID</a> protocol (that is, if you are connected to Google, other applications can trust Google and let you in).
</p>
<div class="notewarning">OpenID 2.0 support has been closed since 20th April 2015. If you still need to use Google login after this date, use the <a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID Connect authentication module</a>.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [88-544] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go to <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Google as the authentication module. This will use the email as login name (for accounting, session explorer,…). If you want to access other data, you have to use Google in <code>General Parameters</code> &gt; <code>Authentication modules &gt; User module</code>. Then, in exported variables, you can ask only for:
</p>
<ul>
<li class="level1"><div class="li"> country</div>
</li>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> firstname</div>
</li>
<li class="level1"><div class="li"> language</div>
</li>
<li class="level1"><div class="li"> lastname</div>
</li>
</ul>
<p>
Use any name you want, but put one of these values in the value field. If you want to require that a field is set, add “!” before the key name:
</p>
<ul>
<li class="level1"><div class="li"> “myfield ⇒ firstname” can be “”</div>
</li>
<li class="level1"><div class="li"> “!myfield ⇒ lastname” must be set</div>
</li>
</ul>
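<p>
The key and value rules above as a small Python lint for an exported-variables mapping. This is an added example, not LemonLDAP::NG code: the function names and sample data are assumptions, and what the portal does when a required field is missing is not modelled.
</p>

```python
# Added example: lint an exported-variables mapping for the Google module.
# Not LemonLDAP::NG code; function names and sample data are assumptions.

# The only attributes the page says can be requested from Google.
GOOGLE_ATTRIBUTES = {"country", "email", "firstname", "language", "lastname"}


def parse_exported_vars(mapping):
    """Split {key: value} into (name, attribute, required) rules.

    A leading "!" on the key marks the field as required and is not part
    of the variable name. Raises ValueError on anything the page does not
    allow, so a typo fails at review time rather than at login.
    """
    rules, seen = [], set()
    for key, attribute in mapping.items():
        required = key.startswith("!")
        name = key[1:] if required else key
        if not name:
            raise ValueError(f"empty variable name in key {key!r}")
        if name in seen:
            raise ValueError(f"variable {name!r} is declared twice")
        if attribute not in GOOGLE_ATTRIBUTES:
            raise ValueError(f"{key!r}: {attribute!r} is not a Google attribute")
        seen.add(name)
        rules.append((name, attribute, required))
    return rules


def apply_rules(rules, returned):
    """Build session variables from the attributes Google returned.

    Optional fields default to "", required ones must be non-empty.
    Returns (session_vars, names_of_missing_required_fields).
    """
    session, missing = {}, []
    for name, attribute, required in rules:
        value = returned.get(attribute, "")
        if required and not value:
            missing.append(name)
        session[name] = value
    return session, missing


# Constructed sample: optional and required fields, as in the list above.
SAMPLE_MAPPING = {"myfield": "firstname", "!surname": "lastname", "mail": "email"}
SAMPLE_RETURNED = {"email": "jdoe@example.com", "firstname": "John"}  # no lastname
```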
<p>
See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
<div class="noteimportant">A specific persistent session is created with this module, to store attribute values returned by Google. If this session is lost, Google will ask for confirmation of each requested attribute.
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [545-1491] -->
<h2 class="sectionedit5" id="google_migration">Google Migration</h2>
<div class="level2">
<p>
A Google Migration workaround has been available since LemonLDAP::NG 1.4.4. It provides a specific and lightweight OpenID Connect module that will replace the current Google module.
</p>
<div class="noteimportant">This module is not available in version 1.9 and later; you must use the <a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID Connect authentication module</a> instead.
</div>
<p>
To use it, edit lemonldap-ng.ini (this is not available through Manager) and configure:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">authentication</span> <span class="sy0">=</span><span class="re2"> GoogleMigration</span>
<span class="re1">googleClientId</span> <span class="sy0">=</span><span class="re2"> XXXX</span>
<span class="re1">googleClientSecret</span> <span class="sy0">=</span><span class="re2"> XXXX</span></pre>
<p>
You need to register your LemonLDAP::NG application with Google in order to obtain the Client ID and the Client Secret, see <a href="https://developers.google.com/" class="urlextern" title="https://developers.google.com/" rel="nofollow">https://developers.google.com/</a>
</p>
<p>
You also need to register the redirect <abbr title="Uniform Resource Identifier">URI</abbr> with Google. Set it to your portal <abbr title="Uniform Resource Locator">URL</abbr> with the googlecb=1 GET parameter, for example:
</p>
<pre class="code">http://auth.example.com/?googlecb=1</pre>
</div>
<!-- EDIT5 SECTION "Google Migration" [1492-] --></div>
</body>
</html>