dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9834e182f5
lemonldap-ng/doc/sources/admin/authopenidconnect_franceconnect.rst
Maxime Besson c3151cec8d Fix OIDC callback parameter name in doc
2021-09-20 14:45:34 +02:00

72 lines
2.2 KiB
ReStructuredText
Raw Blame History

France Connect
==============
|image0|
Presentation
------------
`France Connect <https://doc.integ01.dev-franceconnect.fr/>`__ is an
authentication platform made by French government.
.. attention::
It is for the moment only in BETA stage. This
documentation will explain how to configure LL::NG with the developer
reserved space.
Register on France Connect
--------------------------
Once :doc:`OpenID Connect service<openidconnectservice>` is configured,
you need to register to France Connect.
Use the following form:
https://doc.integ01.dev-franceconnect.fr/inscription.
You need to provide the callback URLs, for example
https://auth.domain.com/?openidconnectcallback=1.
You will then get a ``client_id`` and a ``client_secret``.
Declare France Connect in your LL::NG server
--------------------------------------------
Go in Manager and create a new OpenID Connect provider. You can call it
``france-connect`` for example.
Click on ``Metadata`` and set manually the metadata of the service,
using `France Connect
endpoints <https://doc.integ01.dev-franceconnect.fr/fournisseur-service>`__.
For example:
.. code-block:: javascript
{
"issuer": "https://fcp.integ01.dev-franceconnect.fr",
"authorization_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize",
"token_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/token",
"userinfo_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo",
"end_session_endpoint":"https://fcp.integ01.dev-franceconnect.fr/api/v1/logout"
}
You can skip JWKS data, they are not provided by France Connect. The
security relies on the symmetric key ``client_secret``.
Go in ``Exported attributes`` to choose which attributes from "identité
pivot" you want to collect. See
https://doc.integ01.dev-franceconnect.fr/identite-pivot
Now go in ``Options``:
- In ``Configuration``, register the ``client_id`` and
``client_secret`` given by France Connect
- In ``Protocol``, adapt the ``scope`` to the exported attributes you
want. See https://doc.integ01.dev-franceconnect.fr/fs-scopes
- In ``Display``, you can set the name and the logo
.. |image0| image:: /applications/franceconnect_logo.png
:class: align-center
Reference in New Issue View Git Blame Copy Permalink