ITSM-NG is a fork of GLPI. The software’s main features are: assets management, IT inventory, service desk, dashboards, KB…

ITSM-NG is compatible with OpenID Connect protocol.

OpenID Connect

Configuring ITSM-NG

The configuration steps are described on ITSM-NG wiki.

Just set LemonLDAP::NG main portail URL in Provider field, and define Client ID and Client Secret.

Configuring LemonLDAP::NG

If not done yet, configure LemonLDAP::NG as an OpenID Connect service.

Then add ITSM-NG as a new OpenID Connect Relying Party using the following parameters:

  • Client ID: the same you set in ITSM-NG configuration

  • Client Secret: the same you set in ITSM-NG configuration

  • Add the following exported attributes:
    • given_name: user’s givenName attribute

    • family_name: user’s sn attribute

    • email: user’s mail attribute

  • Login and Logout Redirect URIs: The main URL of ITSM-NG instance

Configuration sample using CLI:

$ /usr/libexec/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
    addKey \
      oidcRPMetaDataExportedVars/itsmng given_name givenName \
      oidcRPMetaDataExportedVars/itsmng family_name sn \
      oidcRPMetaDataExportedVars/itsmng email mail \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsClientID myClientId \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsClientSecret myClientSecret \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsRedirectUris ''  \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsPostLogoutRedirectUris '' \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsIDTokenSignAlg RS512 \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsIDTokenExpiration 3600 \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsAccessTokenExpiration 3600 \
      oidcRPMetaDataOptions/itsmng oidcRPMetaDataOptionsBypassConsent 1


Declare all attributes that you need to map in ITSM-NG configuration. These attributes must be returned by the scopes requested by ITSM-NG.