OpenID
======

============== ===== ========
Authentication Users Password
============== ===== ========
✔              ✔
============== ===== ========

.. danger::

    OpenID protocol is deprecated. You should now use
    :doc:`OpenID Connect`.

Presentation
------------

LL::NG can delegate authentication to an OpenID server. This requires
`Perl OpenID consumer module `__ with at least version 1.0.

.. tip::

    LL::NG can also act as :doc:`OpenID server`, which allows two LL::NG
    systems to be interconnected.

LL::NG will then display a form with an OpenID input, where users will
type their OpenID login.

.. tip::

    OpenID authentication can be proposed as an alternate authentication
    scheme using the :doc:`authentication choice` method.

LL::NG can use a white list or a black list to filter allowed OpenID
domains.

If OpenID is used as the users database, attributes will be requested
from the server with the SREG extension.

Configuration
-------------

In Manager, go to ``General Parameters`` > ``Authentication modules``
and choose OpenID for authentication and/or users.

Then, go to ``OpenID parameters``:

- **Authentication level**: authentication level for this module.
- **Secret token**: used to check the integrity of the OpenID response.
- **Authorized domain**:

  - **List type**: choose white list to define allowed domains or black
    list to define forbidden domains
  - **List**: domains list (comma separated values)

To configure requested attributes, edit **Exported variables** and
define attributes:

- **Key**: internal session key, can be prefixed by ``!`` to make the
  attribute required
- **Value**: SREG attribute name:

  - fullname
  - nickname
  - language
  - postcode
  - timezone
  - country
  - gender
  - email
  - dob

See also :doc:`exported variables configuration`.

.. attention::

    Browser implementations of the formAction directive are inconsistent
    (e.g. Firefox doesn't block the redirects whereas Chrome does).
    Administrators may have to modify the formAction value with a wildcard
    like \*.

    In Manager, go to: ``General Parameters`` > ``Advanced Parameters`` >
    ``Security`` > ``Content Security Policy`` > ``Form destination``
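
The white list / black list filter on OpenID domains described above can be illustrated with the following added example, which is not LL::NG's own code. It assumes that a listed domain covers itself and its subdomains, and the function names and the ``"white"`` / ``"black"`` values are hypothetical; the point is that the decision is made on the parsed host of the identifier, never on a substring of what the user typed.

```python
import re
from urllib.parse import urlsplit

HOST_RE = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")

def parse_domain_list(csv):
    """Split the comma-separated "List" value into normalized domain names."""
    return {d.strip().lower().rstrip(".") for d in csv.split(",") if d.strip()}

def identifier_host(identifier):
    """Return the host of a user-typed OpenID identifier, or None if unusable."""
    ident = identifier.strip()
    if "://" not in ident:          # users often type the identifier without a scheme
        ident = "http://" + ident
    try:
        parts = urlsplit(ident)
    except ValueError:              # e.g. malformed bracketed host
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname ignores userinfo and port, so "allowed.example@other.example"
    # is judged on "other.example", the host actually contacted.
    host = parts.hostname.lower().rstrip(".")
    # Only letters, digits, dots and hyphens; XRI identifiers such as "=alice" fail here.
    return host if HOST_RE.fullmatch(host) else None

def is_allowed(identifier, list_type, csv):
    """list_type is "white" or "black" (hypothetical values for this sketch)."""
    if list_type not in ("white", "black"):
        raise ValueError("list_type must be 'white' or 'black'")
    host = identifier_host(identifier)
    if host is None:
        return False                # fail closed in both modes
    domains = parse_domain_list(csv)
    # Match on label boundaries: the listed domain itself or a subdomain of it.
    listed = any(host == d or host.endswith("." + d) for d in domains)
    return listed if list_type == "white" else not listed
```

With a white list of ``id.example.org`` (a constructed value), ``alice.id.example.org`` is accepted, while ``id.example.org.evil.example`` and ``https://id.example.org@evil.example/`` are refused.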