documentation:1.0:authopenid

OpenID

Authentication Users Password

LL::NG can delegate authentication to an OpenID server. This requires Perl OpenID consumer module with at least version 1.0.

LL::NG can also act as OpenID server, that allows to interconnect two LL::NG systems.

LL::NG will then display a form with an OpenID input, wher users will type their OpenID login.

OpenID authentication can proposed as an alternate authentication scheme using the authentication choice method.

LL::NG can use a white list or a black list to filter allowed OpenID domains.

If OpenID is used as users database, attributes will be requested to the server with SREG extention.

In Manager, go in General Parameters > Authentication modules and choose OpenID for authentication and/or users.

Then, go in OpenID parameters:

  • Authentication level: authentication level for this module.
  • Secret token: used to check integrity of OpenID response.
  • Authorizated domain:
    • List type: choose white list to define allowed domains or black list to define forbidden domains
    • List: domains list (comma separated values)

To configure requested attributes, go in Variables > Exported variables and define attributes:

  • Key: internal session key, can be prefixed by ! to make the attribute required
  • Value: SREG attribute name:
    • fullname
    • nickname
    • language
    • postcode
    • timezone
    • country
    • gender
    • email
    • dob