Google

Authentication Users Password

Presentation

Google allows applications to reuse its own authentication process through the OpenID protocol (that is, if you are connected to Google, other applications can trust Google and let you in).

OpenID 2.0 support has been closed since 20th April 2015. If you still need to use Google login after this date, use the OpenID Connect authentication module.

Configuration

In the Manager, go to General Parameters > Authentication modules and choose Google as the authentication module. This will use the email address as the login name (for accounting, session explorer, ...). If you want to access other data, you have to use Google in General Parameters > Authentication modules > User module. Then, in exported variables, you can ask only for:

Use any name you want, but use these values in the value field. If you want to require that a field is set, add "!" before the key name:

See also exported variables configuration.

A specific persistent session is created with this module to store the attribute values returned by Google. If this session is lost, Google will ask for confirmation of each requested attribute.

Google Migration

A Google Migration workaround has been available since LemonLDAP::NG 1.4.4. It provides a specific, lightweight OpenID Connect module that will replace the current Google module.

This module is not available in version 1.9 and later; you must use the OpenID Connect authentication module instead.

To use it, edit lemonldap-ng.ini (this is not available through the Manager) and configure:

[portal]
authentication = GoogleMigration
googleClientId = XXXX
googleClientSecret = XXXX

You need to register your LemonLDAP::NG application with Google in order to obtain the Client ID and the Client Secret, see https://developers.google.com/

You also need to register the redirect URI with Google. Set it to your portal URL with the googlecb=1 GET parameter, for example:

http://auth.example.com/?googlecb=1
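
A pre-deployment check for the settings above, as an added example that is not part of LemonLDAP::NG or its documentation: it reads the [portal] section, flags client credentials that are still placeholders, and builds the redirect URI to register with Google. The function names, the portal URL argument and the https check are assumptions of this example; the sample file content is constructed.

```python
import configparser
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Added example: function names are illustrative, not LemonLDAP::NG APIs.
# Constructed sample mirroring the [portal] settings shown above.
SAMPLE_INI = """\
[portal]
authentication = GoogleMigration
googleClientId = XXXX
googleClientSecret = XXXX
"""

PLACEHOLDERS = {"", "XXXX"}  # values that mean "not filled in yet"


def redirect_uri(portal_url):
    """Return the portal URL with the googlecb=1 GET parameter present exactly once."""
    parts = urlsplit(portal_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "googlecb"]
    query.append(("googlecb", "1"))
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/",
                       urlencode(query), ""))


def check_google_migration(ini_text, portal_url):
    """Return (redirect URI to register with Google, list of findings)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str  # keep key case: googleClientId, not googleclientid
    cfg.read_string(ini_text)
    findings = []
    portal = cfg["portal"] if cfg.has_section("portal") else {}
    if portal.get("authentication", "").strip() != "GoogleMigration":
        findings.append("authentication is not GoogleMigration")
    for key in ("googleClientId", "googleClientSecret"):
        if portal.get(key, "").strip() in PLACEHOLDERS:
            findings.append(f"{key} is missing or still a placeholder")
    uri = redirect_uri(portal_url)
    if urlsplit(uri).scheme != "https":
        findings.append("redirect URI is not https: the callback travels in clear text")
    return uri, findings


if __name__ == "__main__":
    uri, findings = check_google_migration(SAMPLE_INI, "http://auth.example.com/")
    print("register with Google:", uri)
    for f in findings:
        print("finding:", f)
```

The URI registered with Google has to match the returned string exactly, so run the check with the same portal URL that users reach.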