OpenID
Authentication | Users | Password
---|---|---
✔ | ✔ |
Danger
The OpenID protocol is deprecated. You should now use OpenID Connect.
Presentation
LL::NG can delegate authentication to an OpenID server. This requires the Perl OpenID consumer module, version 1.0 or later.
Tip
LL::NG can also act as an OpenID server, which allows two LL::NG systems to be interconnected.
LL::NG will then display a form with an OpenID input, where users will type their OpenID login.
Tip
OpenID authentication can be proposed as an alternate authentication scheme using the authentication choice method.
LL::NG can use a white list or a black list to filter allowed OpenID domains.
If OpenID is used as the users database, attributes will be requested from the server with the SREG extension.
Configuration
In Manager, go to General Parameters > Authentication modules and choose OpenID for authentication and/or users.
Then, go to OpenID parameters:
Authentication level: authentication level for this module.
Secret token: used to check integrity of OpenID response.
Authorized domain:
List type: choose white list to define allowed domains or black list to define forbidden domains
List: domains list (comma separated values)
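The white list / black list decision described above, as an added Python example (not LL::NG's own code). It assumes exact host matching, since the page does not say whether subdomains of a listed domain match; the function names and the `white`/`black` values are hypothetical. It compares the parsed host rather than searching the identifier string, and rejects unparseable identifiers in both modes.

```python
from urllib.parse import urlsplit

def parse_domain_list(csv):
    """Split the comma-separated List value into normalized host names."""
    return {d.strip().lower().rstrip(".") for d in csv.split(",") if d.strip()}

def identifier_host(identifier):
    """Return the normalized host of an OpenID identifier, or None if unusable."""
    ident = identifier.strip()
    if "://" not in ident:
        ident = "http://" + ident  # bare identifiers are treated as http URLs
    try:
        parts = urlsplit(ident)
        host = parts.hostname  # lowercased, without userinfo or port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".") or None

def is_allowed(identifier, list_type, csv):
    """list_type is 'white' or 'black' (value names assumed for this example)."""
    if list_type not in ("white", "black"):
        raise ValueError("list_type must be 'white' or 'black'")
    host = identifier_host(identifier)
    if host is None:
        return False  # fail closed in both modes
    listed = host in parse_domain_list(csv)
    return listed if list_type == "white" else not listed

# Constructed sample identifiers using reserved example/test domains.
SAMPLES = [
    "https://id.example.org/alice",             # listed host
    "ID.Example.ORG./alice",                    # same host: no scheme, mixed case, trailing dot
    "https://id.example.org.other.test/alice",  # listed name is only a prefix of the host
    "https://id.example.org@other.test/alice",  # listed name is only in the userinfo part
    "https://other.test/?u=id.example.org",     # listed name is only in the query string
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", is_allowed(s, "white", "id.example.org, login.example.net"))
```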
To configure requested attributes, edit Exported variables and define attributes:
Key: internal session key, can be prefixed by ! to make the attribute required
Value: SREG attribute name:
fullname
nickname
language
postcode
timezone
country
gender
email
dob
See also exported variables configuration.
Attention
Browser implementations of the formAction directive are inconsistent (e.g. Firefox doesn’t block the redirects whereas Chrome does). Administrators may have to modify the formAction value with a wildcard such as *.
In Manager, go to: General Parameters > Advanced Parameters > Security > Content Security Policy > Form destination