Changes for page Lemon LDAP and OpenPAAS Configuration
Last modified by Ludovic Dubost on 2020/10/01 11:16
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -37,34 +37,34 @@ 37 37 38 38 The OpenIDC module must be activated in the section General Settings / Supplier Modules / OpenID Connect 39 39 40 - Image:40 +image:lemonldap-activationopenidc.png 41 41 42 42 An XWiki application must be added in the General Settings / Portal / Menu / Categories and Application section. 43 43 The XWiki URL must be specified. 44 44 45 - Image:45 +image:lemonldap-ajouterapp.png 46 46 47 47 A client configuration must be added in "OpenID Connect Clients". The name can be anything. 48 48 49 - Image:49 +image:lemonldap-ajouterclientopenidc.png 50 50 51 51 The clientid and secret parameters must be added in the Options / Authentication section. These must be the same as in the xwiki.properties configuration 52 52 53 - Image:53 +image:lemonldap-authentification.png 54 54 55 55 An authorized redirection address must be specified in the Options / Redirection Addresses Allowed for Connection and Options / Redirected Adresses for Disconnection options. This must match the URL of the XWiki and the URI part must be / xwiki / oidc / authenticator / callback. 56 56 57 - Image:57 +image:lemonldap-redirectionauthorisee.png 58 58 59 59 In order to allow the synchronization of fields from LemonLDAP into the XWiki profile, new attributes starting with xwiki_user_ followed by the name of the XWiki field (first_name, last_name, company, address) must be added in the Export Attributes section. They must point to LemonLDAP field names themselves synchronized to the authentication source (often OpenLDAP). In demo mode, lemonLDAP does not have many available fields, so we synchronized the "cn". 60 60 61 - Image:61 +image:lemonldap-attributes.png 62 62 63 63 Once the fields have been created, the "profile" value must be modified in the Options / Declarations section. It should contain the list of classic fields plus the new XWiki fields. For example: 64 64 65 65 name given_name country first_name last_name email mail xwiki_user_first_name xwiki_user_last_name xwiki_user_company 66 66 67 - Image:67 +image:lemonldap-scopeclaims.png 68 68 69 69 == Troubleshooting == 70 70