documentation:2.1:authopenidconnect_franceconnect

documentation:2.1:authopenidconnect_franceconnect [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== France Connect ======
  
 +{{ :applications:franceconnect_logo.png?nolink |}}
 +
 +===== Presentation =====
 +
 +[[https://doc.integ01.dev-franceconnect.fr/|France Connect]] is an authentication platform made by French government.
 +
 +<note important>It is for the moment only in BETA stage. This documentation will explain how to configure LL::NG with the developer reserved space.</note>
 +
 +===== Register on France Connect =====
 +
 +Once [[openidconnectservice|OpenID Connect service]] is configured, you need to register to France Connect.
 +
 +Use the following form: [[https://doc.integ01.dev-franceconnect.fr/inscription]].
 +
 +You need to provide the callback URLs, for example https://auth.domain.com/?openidcallback=1.
 +
 +You will then get a ''client_id'' and a ''client_secret''.
 +
 +===== Declare France Connect in your LL::NG server =====
 +
 +Go in Manager and create a new OpenID Connect provider. You can call it ''france-connect'' for example.
 +
 +Click on ''Metadata'' and set manually the metadata of the service, using [[https://doc.integ01.dev-franceconnect.fr/fournisseur-service|France Connect endpoints]]. For example:
 +<file javascript>
 +{
 +"issuer": "https://fcp.integ01.dev-franceconnect.fr",
 +"authorization_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize",
 +"token_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/token",
 +"userinfo_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo",
 +"end_session_endpoint":"https://fcp.integ01.dev-franceconnect.fr/api/v1/logout"
 +}
 +</file>
 +
 +You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key ''client_secret''.
 +
 +Go in ''Exported attributes'' to choose which attributes from "identit√© pivot" you want to collect. See https://doc.integ01.dev-franceconnect.fr/identite-pivot
 +
 +Now go in ''Options'':
 +  * In ''Configuration'', register the ''client_id'' and ''client_secret'' given by France Connect
 +  * In ''Protocol'', adapt the ''scope'' to the exported attributes you want. See https://doc.integ01.dev-franceconnect.fr/fs-scopes
 +  * In ''Display'', you can set the name and the logo
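
Review bot: In the "Declare France Connect in your LL::NG server" section, the sentence "You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key ''client_secret''" does not say what this means for the administrator. With no JWKS published, the ''client_secret'' is the only key material the integration depends on, so the page should say that it must be stored and handled as a secret, and should name any setting under ''Options'' that has to match this symmetric mode. Smaller points: "identit√© pivot" in the ''Exported attributes'' paragraph is mis-encoded and should read "identité pivot"; "made by French government" in the Presentation section should be "made by the French government"; and the example callback URL under "Register on France Connect" would read better in monospace, like ''client_id'' and ''client_secret''.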