rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-12-01 12:24:28 +01:00
Code Issues Releases Activity
664e42099a
fab-manager/doc/sso_open_id_connect.md
Sylvain 73b8f95031 (doc) known OIDC issues
2022-11-22 09:50:04 +01:00

1.5 KiB
Raw Blame History

Single-Sign-On authentication using OpenID Connect

Configuration of an OpenID Connect provider is designed to be easier than the OAuth 2.0 authentication method. Nevertheless, it is less powerful and allows only limited fields mapping to the OpenID userinfo endpoint.

We highly recommend using the Discovery mechanism to get the configuration of the OpenID Connect provider.

When configuring an authentication provider using the OpenID Connect protocol, the following fields can be mapped automatically to the corresponding OpenID Connect claims:

  • user.uid
  • user.email
  • user.username
  • profile.first_name
  • profile.last_name
  • profile.avatar
  • profile.website
  • profile.gender
  • profile.birthday
  • profile.phone
  • profile.address

To use the automatic mapping, add one of the fields above and click on the magic wand button near to the "Userinfo claim" input.

Known issues

Not found. Authentication passthru.

This issue may occur if you have misconfigured the environment variable DEFAULT_HOST and/or DEFAULT_PROTOCOL. Especially, if you have an automatic redirection (e.g. from example.org to example.com), DEFAULT_HOST MUST be configured with the redirection target (here example.com). Once you have reconfigured these variables, please switch back the active authentication provider to FabManager, restart the application, then delete the OIDC provider you configured and re-create a new one for the new settings to be used.