OpenID

Authentication

Users

Password

Danger

The OpenID protocol is deprecated. You should now use OpenID Connect.

Presentation

LL::NG can delegate authentication to an OpenID server. This requires the Perl OpenID consumer module, version 1.0 or later.

Tip

LL::NG can also act as an OpenID server, which allows two LL::NG systems to be interconnected.

LL::NG will then display a form with an OpenID input, where users will type their OpenID login.

Tip

OpenID authentication can be proposed as an alternate authentication scheme using the authentication choice method.

LL::NG can use a white list or a black list to filter allowed OpenID domains.

If OpenID is used as the users database, attributes will be requested from the server with the SREG extension.

Configuration

In Manager, go to General Parameters > Authentication modules and choose OpenID for authentication and/or users.

Then, go to OpenID parameters:

  • Authentication level: authentication level for this module.

  • Secret token: used to check integrity of OpenID response.

  • Authorized domain:

    • List type: choose white list to define allowed domains or black list to define forbidden domains

    • List: domains list (comma separated values)

To configure requested attributes, edit Exported variables and define attributes:

  • Key: internal session key, can be prefixed by ! to make the attribute required

  • Value: SREG attribute name:

    • fullname

    • nickname

    • language

    • postcode

    • timezone

    • country

    • gender

    • email

    • dob

See also exported variables configuration.
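The mapping described above can be traced end to end with the following added example, which is not LL::NG code: it turns an Exported variables table into SREG request arguments and maps the provider's answer back to session keys. The function names, the sample keys (`mail`, `cn`, `tz`), the dropping of the `!` prefix from the session key, and the rejection of a response that lacks a required attribute are assumptions made for illustration; the `openid.sreg.*` parameter names come from the SREG 1.1 specification.

```python
SREG_NS = "http://openid.net/extensions/sreg/1.1"
SREG_FIELDS = {"fullname", "nickname", "language", "postcode", "timezone",
               "country", "gender", "email", "dob"}


def parse_exported_vars(exported):
    """Split {key: sreg_attr} into [(session_key, sreg_attr, required)]."""
    rules = []
    for key, attr in exported.items():
        required = key.startswith("!")
        session_key = key[1:] if required else key  # assumption: "!" is dropped
        if attr not in SREG_FIELDS:
            raise ValueError(f"{attr!r} is not an SREG attribute")
        rules.append((session_key, attr, required))
    return rules


def sreg_request_params(rules):
    """Build the openid.sreg.* arguments added to the authentication request."""
    params = {"openid.ns.sreg": SREG_NS}
    required = sorted({a for _, a, req in rules if req})
    optional = sorted({a for _, a, req in rules if not req} - set(required))
    if required:
        params["openid.sreg.required"] = ",".join(required)
    if optional:
        params["openid.sreg.optional"] = ",".join(optional)
    return params


def session_from_response(rules, response):
    """Map signed openid.sreg.* values to session keys; fail on missing required."""
    signed = set(response.get("openid.signed", "").split(","))
    session = {}
    for session_key, attr, required in rules:
        value = response.get(f"openid.sreg.{attr}")
        # Ignore values not listed in openid.signed; verifying the signature
        # itself is the consumer library's job and is not shown here.
        if value and f"sreg.{attr}" in signed:
            session[session_key] = value
        elif required:
            raise LookupError(f"required SREG attribute {attr!r} missing")
    return session


# Constructed sample configuration and provider response.
EXPORTED = {"!mail": "email", "cn": "fullname", "tz": "timezone"}
RESPONSE = {"openid.signed": "identity,return_to,sreg.email,sreg.fullname",
            "openid.sreg.email": "alice@example.org",
            "openid.sreg.fullname": "Alice Example"}
```

With the sample configuration, `email` is sent in `openid.sreg.required` and `fullname,timezone` in `openid.sreg.optional`; an attribute the provider returns outside the signed field list is treated as absent.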

Attention

Browser implementations of the formAction directive are inconsistent (e.g. Firefox doesn’t block the redirects whereas Chrome does). Administrators may have to set the formAction value to a wildcard such as *.

In Manager, go to:

General Parameters > Advanced Parameters > Security > Content Security Policy > Form destination