File: authgoogle.html

package info (click to toggle)
lemonldap-ng 1.9.7-3%2Bdeb9u2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 39,024 kB
  • sloc: perl: 37,552; makefile: 922; sh: 472; sql: 5
file content (149 lines) | stat: -rw-r--r-- 7,315 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:1.9:authgoogle</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,authgoogle"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authgoogle.html"/>
<link rel="contents" href="authgoogle.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9';var JSINFO = {"id":"documentation:1.9:authgoogle","namespace":"documentation:1.9"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#google_migration">Google Migration</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="google">Google</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
	<thead>
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Authentication  </th><th class="col1 centeralign">  Users  </th><th class="col2 centeralign">  Password  </th>
	</tr>
	</thead>
	<tr class="row1 rowodd">
		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
	</tr>
</table></div>
<!-- EDIT2 TABLE [23-86] -->
</div>
<!-- EDIT1 SECTION "Google" [1-87] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">

<p>
Google proposes to allow applications to reuse its own authentication process using <a href="http://en.wikipedia.org/wiki/OpenID" class="urlextern" title="http://en.wikipedia.org/wiki/OpenID"  rel="nofollow">OpenID</a> protocol (it means, if your are connected to Google, other applications can trust Google and let you in).
</p>
<div class="notewarning">OpenID 2.0 support is closed since 20th April 2015. If you still need to use Google login after this date, use <a href="authopenidconnect.html" class="wikilink1" title="documentation:1.9:authopenidconnect">OpenID Connect authentication module</a>.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [88-544] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">

<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Google for authentication module. This will use email as login name (for accounting, session explorer,…). If you want to access to other datas, you have to use Google in <code>General Parameters</code> &gt; <code>Authentication modules &gt; User module</code>. Then in exported variables, you can ask only for :
</p>
<ul>
<li class="level1"><div class="li"> country</div>
</li>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> firstname</div>
</li>
<li class="level1"><div class="li"> language</div>
</li>
<li class="level1"><div class="li"> lastname</div>
</li>
</ul>

<p>
Use the name you want but this values in the value field. If you want to require that a field is set, add “!” before the key name :
</p>
<ul>
<li class="level1"><div class="li"> “myfield ⇒ firstname” can be “”</div>
</li>
<li class="level1"><div class="li"> “!myfield ⇒ lastname” must be set</div>
</li>
</ul>

<p>
See also <a href="exportedvars.html" class="wikilink1" title="documentation:1.9:exportedvars">exported variables configuration</a>.
</p>
<div class="noteimportant">A specific persistent session is created with this module, to store attribute values returned by Google. If this session is lost, Google will ask a confirmation for each requested attribute.
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [545-1491] -->
<h2 class="sectionedit5" id="google_migration">Google Migration</h2>
<div class="level2">

<p>
A Google Migration workaround is available since LemonLDAP::NG 1.4.4. It provides a specific and lightweight OpenID Connect module that will replace the current Google module.
</p>
<div class="noteimportant">This module is not available in version 1.9 and superior, you must use instead the <a href="authopenidconnect.html" class="wikilink1" title="documentation:1.9:authopenidconnect">OpenID Connect authentication module</a>.
</div>
<p>
To use it, edit lemonldap-ng.ini (this is not available trough Manager) and configure:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">authentication</span> <span class="sy0">=</span><span class="re2"> GoogleMigration</span>
<span class="re1">googleClientId</span> <span class="sy0">=</span><span class="re2"> XXXX</span>
<span class="re1">googleClientSecret</span> <span class="sy0">=</span><span class="re2"> XXXX</span></pre>

<p>
You need to register your LemonLDAP::NG application to Google in order to obtain the Client ID and the Client Secret, see <a href="https://developers.google.com/" class="urlextern" title="https://developers.google.com/"  rel="nofollow">https://developers.google.com/</a>
</p>

<p>
You also need to register to Google the redirect <abbr title="Uniform Resource Identifier">URI</abbr>. You have to set your portal <abbr title="Uniform Resource Locator">URL</abbr> with the googlecb=1 GET parameter, for example:
</p>
<pre class="code">http://auth.example.com/?googlecb=1</pre>

</div>
<!-- EDIT5 SECTION "Google Migration" [1492-] --></div>
</body>
</html>