BigBlueButton is a web conferencing system designed for online learning. It offers audio/video sharing, presentations with extended whiteboard capabilities - such as a pointer, zooming and drawing - public and private chat, breakout rooms, screen sharing, integrated VoIP using FreeSWITCH, and support for presentation of PDF documents and Microsoft Office documents.
Its user-facing interface, Greenlight, can be configured to authenticate users with OpenID Connect since version 2.7.17.
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server
Make sure you have generated a set of signing keys in
OpenID Connect Service »
You also need to set a Signing key ID to a non-empty value of your choice.
Then, add a Relaying Party with the following configuration
Options » Authentification » Client ID : choose a client ID, such as
Options » Authentification » Client Secret : choose a client secret, such as
Options » Allowed redirection address :
Options » ID Token Signature Algorithm :
Adjust your Exported Attributes to send the correct session variables in the
Configure the following environment variables in your greenlight .env file
OPENID_CONNECT_CLIENT_ID=my_client_id OPENID_CONNECT_CLIENT_SECRET=my_client_secret OPENID_CONNECT_ISSUER=https://auth.example.com OPENID_CONNECT_UID_FIELD=sub OAUTH2_REDIRECT=https://my_greenlight_server/b/
Your ID Token Signature Algorithm has to be RSxxx, symmetric algorithms seem broken as of Greenlight 2.7.17
OAUTH2_REDIRECTmust match the URL you use to access Greenlight. the
auth/openid_connect/callbacksuffix must be omitted
Greenlight requires your LemonLDAP::NG server to be served over HTTPS using a publically recognized certificate authority (such as Let’s Encrypt)