Differences
This shows you the differences between two versions of the page.
| — |
documentation:2.1:authopenidconnect_franceconnect [2019/01/15 15:55] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== France Connect ====== | ||
| + | {{ :applications:franceconnect_logo.png?nolink |}} | ||
| + | |||
| + | ===== Presentation ===== | ||
| + | |||
| + | [[https://doc.integ01.dev-franceconnect.fr/|France Connect]] is an authentication platform made by French government. | ||
| + | |||
| + | <note important>It is for the moment only in BETA stage. This documentation will explain how to configure LL::NG with the developer reserved space.</note> | ||
| + | |||
| + | ===== Register on France Connect ===== | ||
| + | |||
| + | Once [[openidconnectservice|OpenID Connect service]] is configured, you need to register to France Connect. | ||
| + | |||
| + | Use the following form: [[https://doc.integ01.dev-franceconnect.fr/inscription]]. | ||
| + | |||
| + | You need to provide the callback URLs, for example https://auth.domain.com/?openidcallback=1. | ||
| + | |||
| + | You will then get a ''client_id'' and a ''client_secret''. | ||
| + | |||
| + | ===== Declare France Connect in your LL::NG server ===== | ||
| + | |||
| + | Go in Manager and create a new OpenID Connect provider. You can call it ''france-connect'' for example. | ||
| + | |||
| + | Click on ''Metadata'' and set manually the metadata of the service, using [[https://doc.integ01.dev-franceconnect.fr/fournisseur-service|France Connect endpoints]]. For example: | ||
| + | <file javascript> | ||
| + | { | ||
| + | "issuer": "https://fcp.integ01.dev-franceconnect.fr", | ||
| + | "authorization_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize", | ||
| + | "token_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/token", | ||
| + | "userinfo_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo", | ||
| + | "end_session_endpoint":"https://fcp.integ01.dev-franceconnect.fr/api/v1/logout" | ||
| + | } | ||
| + | </file> | ||
| + | |||
| + | You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key ''client_secret''. | ||
| + | |||
| + | Go in ''Exported attributes'' to choose which attributes from "identité pivot" you want to collect. See https://doc.integ01.dev-franceconnect.fr/identite-pivot | ||
| + | |||
| + | Now go in ''Options'': | ||
| + | * In ''Configuration'', register the ''client_id'' and ''client_secret'' given by France Connect | ||
| + | * In ''Protocol'', adapt the ''scope'' to the exported attributes you want. See https://doc.integ01.dev-franceconnect.fr/fs-scopes | ||
| + | * In ''Display'', you can set the name and the logo | ||