<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:authopenidconnect_franceconnect</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,authopenidconnect_franceconnect"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect_franceconnect.html"/>
<link rel="contents" href="authopenidconnect_franceconnect.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9';var JSINFO = {"id":"documentation:1.9:authopenidconnect_franceconnect","namespace":"documentation:1.9"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#register_on_france_connect">Register on France Connect</a></div></li>
<li class="level1"><div class="li"><a href="#declare_france_connect_in_your_llng_server">Declare France Connect in your LL::NG server</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="france_connect">France Connect</h1>
<div class="level1">
<p>
<img src="icons/kmultiple.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "France Connect" [1-82] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://doc.integ01.dev-franceconnect.fr/" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/" rel="nofollow">France Connect</a> is an authentication platform made by the French government.
</p>
<div class="noteimportant">It is currently only in BETA stage. This documentation explains how to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> with the space reserved for developers.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [83-383] -->
<h2 class="sectionedit3" id="register_on_france_connect">Register on France Connect</h2>
<div class="level2">
<p>
Once the <a href="openidconnectservice.html" class="wikilink1" title="documentation:1.9:openidconnectservice">OpenID Connect service</a> is configured, you need to register with France Connect.
</p>
<p>
Use the following form: <a href="https://doc.integ01.dev-franceconnect.fr/inscription" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/inscription" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/inscription</a>.
</p>
<p>
You need to provide the callback URLs, for example <a href="https://auth.domain.com/?openidcallback=1" class="urlextern" title="https://auth.domain.com/?openidcallback=1" rel="nofollow">https://auth.domain.com/?openidcallback=1</a>.
</p>
<p>
You will then get a <code>client_id</code> and a <code>client_secret</code>.
</p>
</div>
<!-- EDIT3 SECTION "Register on France Connect" [384-770] -->
<h2 class="sectionedit4" id="declare_france_connect_in_your_llng_server">Declare France Connect in your LL::NG server</h2>
<div class="level2">
<p>
Go to the Manager and create a new OpenID Connect provider. You can call it <code>france-connect</code>, for example.
</p>
<p>
Click on <code>Metadata</code> and manually set the metadata of the service, using the <a href="https://doc.integ01.dev-franceconnect.fr/fournisseur-service" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/fournisseur-service" rel="nofollow">France Connect endpoints</a>. For example:
</p>
<pre class="code file javascript"><span class="br0">{</span>
<span class="st0">"issuer"</span><span class="sy0">:</span> <span class="st0">"https://fcp.integ01.dev-franceconnect.fr"</span><span class="sy0">,</span>
<span class="st0">"authorization_endpoint"</span><span class="sy0">:</span> <span class="st0">"https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize"</span><span class="sy0">,</span>
<span class="st0">"token_endpoint"</span><span class="sy0">:</span> <span class="st0">"https://fcp.integ01.dev-franceconnect.fr/api/v1/token"</span><span class="sy0">,</span>
<span class="st0">"userinfo_endpoint"</span><span class="sy0">:</span> <span class="st0">"https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo"</span><span class="sy0">,</span>
<span class="st0">"end_session_endpoint"</span><span class="sy0">:</span><span class="st0">"https://fcp.integ01.dev-franceconnect.fr/api/v1/logout"</span>
<span class="br0">}</span></pre>
<p>
You can skip the JWKS data, as France Connect does not provide it. Security relies on the symmetric key <code>client_secret</code>.
</p>
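<p>
Added example, not part of the <abbr title="LemonLDAP::NG">LL::NG</abbr> documentation or code: with no JWKS published, a relying party authenticates the ID token by recomputing its HMAC with <code>client_secret</code> as the key. The sketch assumes HS256 signing and uses constructed credentials (<code>demo-client-id</code>, <code>demo-client-secret</code>); all function names are hypothetical.
</p>

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://fcp.integ01.dev-franceconnect.fr"  # "issuer" from the metadata above

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hs256(secret, signing_input):
    # OIDC symmetric signing: the HMAC key is the UTF-8 bytes of client_secret.
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def verify_id_token(token, client_id, client_secret, now=None):
    """Return the claims of an HS256-signed ID token, or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
        alg = header.get("alg")
        iss, aud, exp = claims.get("iss"), claims.get("aud"), claims.get("exp")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token header select it (e.g. "none").
    if alg != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(hs256(client_secret, head_b64 + "." + body_b64), signature):
        raise ValueError("bad signature")
    if iss != ISSUER:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    return claims

def make_sample_token(claims, secret, alg="HS256"):
    """Constructed token for the demo; stands in for the provider's response."""
    head = b64url_encode(json.dumps({"alg": alg}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(hs256(secret, head + '.' + body))}"

if __name__ == "__main__":
    sample = {"iss": ISSUER, "aud": "demo-client-id", "sub": "constructed-sub", "exp": time.time() + 60}
    token = make_sample_token(sample, "demo-client-secret")
    print(verify_id_token(token, "demo-client-id", "demo-client-secret")["sub"])
```

<p>
Because the same secret both signs and verifies, anyone holding <code>client_secret</code> can mint tokens the relying party will accept, so it needs the same protection as a private key.
</p>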
<p>
Go to <code>Exported attributes</code> to choose which attributes from the “identité pivot” you want to collect. See <a href="https://doc.integ01.dev-franceconnect.fr/identite-pivot" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/identite-pivot" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/identite-pivot</a>.
</p>
<p>
Now go to <code>Options</code>:
</p>
<ul>
<li class="level1"><div class="li"> In <code>Configuration</code>, register the <code>client_id</code> and <code>client_secret</code> given by France Connect</div>
</li>
<li class="level1"><div class="li"> In <code>Protocol</code>, adapt the <code>scope</code> to the exported attributes you want. See <a href="https://doc.integ01.dev-franceconnect.fr/fs-scopes" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/fs-scopes" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/fs-scopes</a></div>
</li>
<li class="level1"><div class="li"> In <code>Display</code>, you can set the name and the logo</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Declare France Connect in your LL::NG server" [771-] --></div>
</body>
</html>