Differences

This shows you the differences between two versions of the page.

documentation:2.1:authopenidconnect_franceconnect [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== France Connect ======
  
 +{{ :​applications:​franceconnect_logo.png?​nolink |}}
 +
 +===== Presentation =====
 +
 +[[https://​doc.integ01.dev-franceconnect.fr/​|France Connect]] is an authentication platform made by French government.
 +
 +<note important>​It is for the moment only in BETA stage. This documentation will explain how to configure LL::NG with the developer reserved space.</​note>​
 +
 +===== Register on France Connect =====
 +
 +Once [[openidconnectservice|OpenID Connect service]] is configured, you need to register to France Connect.
 +
 +Use the following form: [[https://​doc.integ01.dev-franceconnect.fr/​inscription]].
 +
 +You need to provide the callback URLs, for example https://​auth.domain.com/?​openidcallback=1.
 +
 +You will then get a ''​client_id''​ and a ''​client_secret''​.
 +
 +===== Declare France Connect in your LL::NG server =====
 +
 +Go in Manager and create a new OpenID Connect provider. You can call it ''​france-connect''​ for example.
 +
 +Click on ''​Metadata''​ and set manually the metadata of the service, using [[https://​doc.integ01.dev-franceconnect.fr/​fournisseur-service|France Connect endpoints]]. For example:
 +<file javascript>​
 +{
 +"​issuer":​ "​https://​fcp.integ01.dev-franceconnect.fr",​
 +"​authorization_endpoint":​ "​https://​fcp.integ01.dev-franceconnect.fr/​api/​v1/​authorize",​
 +"​token_endpoint":​ "​https://​fcp.integ01.dev-franceconnect.fr/​api/​v1/​token",​
 +"​userinfo_endpoint":​ "​https://​fcp.integ01.dev-franceconnect.fr/​api/​v1/​userinfo",​
 +"​end_session_endpoint":"​https://​fcp.integ01.dev-franceconnect.fr/​api/​v1/​logout"​
 +}
 +</​file>​
 +
 +You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key ''​client_secret''​.
 +
 +Go in ''​Exported attributes''​ to choose which attributes from "​identité pivot" you want to collect. See https://​doc.integ01.dev-franceconnect.fr/​identite-pivot
 +
 +Now go in ''​Options'':​
 +  * In ''​Configuration'',​ register the ''​client_id''​ and ''​client_secret''​ given by France Connect
 +  * In ''​Protocol'',​ adapt the ''​scope''​ to the exported attributes you want. See https://​doc.integ01.dev-franceconnect.fr/​fs-scopes
 +  * In ''​Display'',​ you can set the name and the logo
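
Review bot: The sentence "You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key client_secret" (under "Declare France Connect in your LL::NG server") leaves its consequence unstated: with no JWKS, the client_secret is the only key material the page mentions, yet the Options list below treats it as an ordinary registration value next to client_id. I would add a sentence saying that this secret is what the trust in the provider rests on, so it has to be stored and shared as carefully as a signing key and replaced if exposed, and that any signature-related option needed for this provider should be named in the Options steps. Two smaller points: the metadata example is tagged "file javascript" although its content is JSON, and every endpoint in it points at the integ01 developer platform, so a short remark next to the example that these values belong to the developer space (as the BETA note says) would keep them from being copied unchanged into a production configuration.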