documentation:2.1:authopenidconnect_franceconnect [2019/01/15 15:55] (current)
====== France Connect ======

{{ :applications:franceconnect_logo.png?nolink |}}

===== Presentation =====

[[https://doc.integ01.dev-franceconnect.fr/|France Connect]] is an authentication platform made by the French government.

<note important>France Connect is currently only in BETA stage. This documentation explains how to configure LL::NG with the space reserved for developers.</note>

===== Register on France Connect =====

Once the [[openidconnectservice|OpenID Connect service]] is configured, you need to register with France Connect.

Use the following form: [[https://doc.integ01.dev-franceconnect.fr/inscription]].

You need to provide the callback URLs, for example https://auth.domain.com/?openidcallback=1.

You will then get a ''client_id'' and a ''client_secret''.

===== Declare France Connect in your LL::NG server =====

Go to the Manager and create a new OpenID Connect provider. You can call it ''france-connect'', for example.

Click on ''Metadata'' and manually set the metadata of the service, using the [[https://doc.integ01.dev-franceconnect.fr/fournisseur-service|France Connect endpoints]]. For example:
<file javascript>
{
  "issuer": "https://fcp.integ01.dev-franceconnect.fr",
  "authorization_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize",
  "token_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/token",
  "userinfo_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo",
  "end_session_endpoint": "https://fcp.integ01.dev-franceconnect.fr/api/v1/logout"
}
</file>

You can skip the JWKS data, which France Connect does not provide. Security relies on the symmetric key ''client_secret''.
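
What relying on the symmetric ''client_secret'' means for ID token validation, as an added example (not LL::NG code and not part of the original page). It assumes the token is an HS256-signed JWT; the function names, client id and secret are constructed for the illustration.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def verify_id_token(token, client_id, client_secret, issuer, now=None):
    """Return the claims of an HS256-signed ID token, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, signature = json.loads(_b64d(head)), _b64d(sig)
        if not isinstance(header, dict):
            raise ValueError
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm: the token header must not choose it ("none", RS256, ...).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the HMAC keyed with client_secret.
    if not hmac.compare_digest(_mac(client_secret, f"{head}.{body}"), signature):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims

def make_test_token(claims, secret, alg="HS256"):
    """Constructed sample input: build a token the way an HS256 issuer would."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = b"" if alg == "none" else _mac(secret, f"{head}.{body}")
    return f"{head}.{body}.{_b64e(sig)}"

if __name__ == "__main__":
    iss = "https://fcp.integ01.dev-franceconnect.fr"  # issuer from the metadata above
    tok = make_test_token({"iss": iss, "aud": "example-client-id", "exp": time.time() + 60}, "example-secret")
    print(verify_id_token(tok, "example-client-id", "example-secret", iss))
```

Because the same secret both authenticates the client and verifies tokens, anyone who obtains ''client_secret'' can forge ID tokens that pass this check.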

Go to ''Exported attributes'' to choose which attributes from the "identité pivot" you want to collect. See https://doc.integ01.dev-franceconnect.fr/identite-pivot

Now go to ''Options'':
  * In ''Configuration'', register the ''client_id'' and ''client_secret'' given by France Connect
  * In ''Protocol'', adapt the ''scope'' to the exported attributes you want. See https://doc.integ01.dev-franceconnect.fr/fs-scopes
  * In ''Display'', you can set the name and the logo