Differences
This shows you the differences between two versions of the page.
— |
documentation:2.1:idpopenid [2019/01/15 15:55] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== OpenID server ====== | ||
+ | <note warning> | ||
+ | ===== Presentation ===== | ||
+ | |||
+ | LL::NG can act as an OpenID 2.0 Server, that can allow one to federate LL::NG with: | ||
+ | * Another LL::NG system configured with [[authopenid|OpenID authentication]] | ||
+ | * Any OpenID consumer | ||
+ | |||
+ | LL::NG is compatible with the OpenID Authentication protocol [[http:// | ||
+ | |||
+ | When LL::NG is configured as OpenID identity provider, users can share their authentication using [PORTAL]/ | ||
+ | * [PORTAL] is the portal URL | ||
+ | * [login] is the user login (or any other session information, | ||
+ | |||
+ | Example: | ||
+ | < | ||
+ | http:// | ||
+ | </ | ||
+ | |||
+ | ===== Configuration ===== | ||
+ | |||
+ | In the Manager, go in '' | ||
+ | * **Activation**: | ||
+ | * **Path**: keep '' | ||
+ | * **Use rule**: a rule to allow user to use this module, set to 1 to always allow. | ||
+ | |||
+ | <note tip> | ||
+ | For example, to allow only users with a strong authentication level: | ||
+ | < | ||
+ | $authenticationLevel > 2 | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Then go in '' | ||
+ | * **Secret token**: a secret token used to secure transmissions between OpenID client and server ([[idpopenid# | ||
+ | * **OpenID login**: the session key used to match OpenID login. | ||
+ | * **Authorized domains**: white list or black list of OpenID client domains ([[idpopenid# | ||
+ | * **SREG mapping**: link between SREG attributes and session keys ([[idpopenid# | ||
+ | |||
+ | <note tip>If '' | ||
+ | |||
+ | ==== Shared attributes (SREG) ==== | ||
+ | |||
+ | [[http:// | ||
+ | * Nick name | ||
+ | |||
+ | * Full name | ||
+ | * Date of birth | ||
+ | * Gender | ||
+ | * Postal code | ||
+ | * Country | ||
+ | * Language | ||
+ | * Timezone | ||
+ | |||
+ | Each SREG attribute will be associated to a user session key. A session key can be associated to more than one SREG attribute. | ||
+ | |||
+ | < | ||
+ | |||
+ | ==== Security ==== | ||
+ | |||
+ | * LL::NG can be configured to restrict OpenID exchange using a white or a black list of domains. | ||
+ | * If not set, the secret token is calculated using the general encryption key. | ||
+ | |||
+ | <note important> |
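Review bot: The Security bullet "If not set, the secret token is calculated using the general encryption key" documents a fallback without saying which option is recommended. The Configuration section describes this token as what secures transmissions between OpenID client and server, so the text should state whether operators are expected to set a dedicated secret token or whether deriving it from the general encryption key is acceptable. In the Shared attributes (SREG) list, the empty line between "Nick name" and "Full name" ends the bullet list in DokuWiki, so the attributes render as two separate lists; remove the blank line. Two wording points: "go in" under Configuration should read "go to" in both places, and "that can allow one to federate LL::NG with" in Presentation reads better as "which allows federating LL::NG with".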