From 000361f916a7364dfaede3cad6e2c862b5520855 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 20 Apr 2022 15:22:23 +0200 Subject: [PATCH] (doc) openid connect configuration documentation --- doc/README.md | 1 + doc/sso_open_id_connect.md | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/doc/README.md b/doc/README.md index 8775de5ee..7ee2daf00 100644 --- a/doc/README.md +++ b/doc/README.md @@ -27,6 +27,7 @@ The following guides are designed for the people that perform software maintenan - [Advanced PostgreSQL usage](postgresql_readme.md) - [Connecting an SSO using oAuth 2.0](sso_with_github.md) +- [Connecting an SSO using OpenID Connect](sso_open_id_connect.md) - [Upgrade from Fab-manager v1.0](upgrade_v1.md) diff --git a/doc/sso_open_id_connect.md b/doc/sso_open_id_connect.md index e69de29bb..e44c3893e 100644 --- a/doc/sso_open_id_connect.md +++ b/doc/sso_open_id_connect.md @@ -0,0 +1,23 @@ +# Single-Sign-On authentication using OpenID Connect + +Configuration of an OpenID Connect provider is designed to be easier than the OAuth 2.0 authentication method. +Nevertheless, it is less powerful and allows only limited fields mapping to the OpenID `userinfo` endpoint. + +We highly recommend using the [Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) mechanism to get the configuration of the OpenID Connect provider. + +When configuring an authentication provider using the OpenID Connect protocol, the following fields can be mapped automatically +to the corresponding OpenID Connect claims: + +- user.uid +- user.email +- user.username +- profile.first_name +- profile.last_name +- profile.avatar +- profile.website +- profile.gender +- profile.birthday +- profile.phone +- profile.address + +To use the automatic mapping, add one of the fields above and click on the magic wand button near to the "Userinfo claim" input.
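Review bot: In the doc/README.md hunk, the new entry writes "OpenID Connect" while the line just above it still reads "oAuth 2.0", and the new page itself spells it "OAuth 2.0". Since this hunk already touches the list, consider correcting the neighbouring entry to "OAuth 2.0" so the two SSO guides are named consistently.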
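Review bot: In the doc/sso_open_id_connect.md hunk, the list of automatically mappable fields names only the Fab-manager side (`user.uid`, `user.email`, `profile.first_name`, ...) and never says which `userinfo` claim each one is mapped to, so an administrator cannot check what the magic wand button filled in. Suggest turning the list into a two-column table of field and claim. For `user.uid` and `user.email` the page should also state which claim is used and whether the provider's `email_verified` claim is taken into account, because an administrator relying on the automatic mapping needs to know what identifies the account. The Discovery recommendation links to the specification but does not say what has to be entered in the provider form to use it; one sentence on that would make the advice actionable. Wording: "allows only limited fields mapping to" reads better as "allows only a limited mapping of fields to", and "near to" as "next to".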