BigBlueButton is a web conferencing system designed for online learning. It offers audio/video sharing, presentations with extended whiteboard capabilities - such as a pointer, zooming and drawing - public and private chat, breakout rooms, screen sharing, integrated VoIP using FreeSWITCH, and support for presentation of PDF documents and Microsoft Office documents.

Its user-facing interface, Greenlight, can be configured to authenticate users with OpenID Connect since version 2.7.17.



Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.

Make sure you have generated a set of signing keys in OpenID Connect Service » Security » Keys.

You also need to set a Signing key ID to a non-empty value of your choice.

Then, add a Relying Party with the following configuration:

  • Options » Authentication » Client ID : choose a client ID, such as my_client_id

  • Options » Authentication » Client Secret : choose a client secret, such as my_client_secret

  • Options » Allowed redirection address : https://my_greenlight_server/b/auth/openid_connect/callback

  • Options » ID Token Signature Algorithm : RS256

  • Adjust your Exported Attributes to send the correct session variables in the email and name claims.


Configure the following environment variables in your Greenlight .env file:



  • Your ID Token Signature Algorithm has to be RSxxx; symmetric algorithms seem broken as of Greenlight 2.7.17

  • OAUTH2_REDIRECT must match the URL you use to access Greenlight. The auth/openid_connect/callback suffix must be omitted

  • Greenlight requires your LemonLDAP::NG server to be served over HTTPS using a publicly recognized certificate authority (such as Let’s Encrypt)
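
A pre-flight check for the constraints listed above, as an added example that is not part of the original documentation or of Greenlight: it compares a .env file against the Relying Party settings. OPENID_CONNECT_ISSUER is assumed to be the variable holding the LemonLDAP::NG portal URL, auth.example.com is a constructed host name, and the certificate authority requirement is not checked here.

```python
from urllib.parse import urlsplit

CALLBACK_SUFFIX = "auth/openid_connect/callback"  # suffix of the allowed redirection address

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def check(env, rp_redirect_uri, rp_id_token_alg):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    redirect = env.get("OAUTH2_REDIRECT", "")
    if not redirect:
        problems.append("OAUTH2_REDIRECT is not set")
    elif redirect.rstrip("/").endswith(CALLBACK_SUFFIX):
        problems.append("OAUTH2_REDIRECT must omit the callback suffix")
    elif redirect.rstrip("/") + "/" + CALLBACK_SUFFIX != rp_redirect_uri:
        problems.append("OAUTH2_REDIRECT does not lead to the allowed redirection address")
    # Assumed variable name for the LemonLDAP::NG portal URL.
    if urlsplit(env.get("OPENID_CONNECT_ISSUER", "")).scheme != "https":
        problems.append("the OpenID Connect issuer must be served over HTTPS")
    if not rp_id_token_alg.startswith("RS"):
        problems.append("ID Token Signature Algorithm must be RSxxx")
    return problems

# Constructed sample inputs, using the placeholder names from this page.
RP_REDIRECT = "https://my_greenlight_server/b/auth/openid_connect/callback"
GOOD_ENV = """
OPENID_CONNECT_ISSUER=https://auth.example.com
OAUTH2_REDIRECT=https://my_greenlight_server/b/
"""
BAD_ENV = """
OPENID_CONNECT_ISSUER=http://auth.example.com
OAUTH2_REDIRECT=https://my_greenlight_server/b/auth/openid_connect/callback
"""

if __name__ == "__main__":
    for name, text, alg in (("good", GOOD_ENV, "RS256"), ("bad", BAD_ENV, "HS256")):
        print(name, check(parse_env(text), RP_REDIRECT, alg))
```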