OIDC: Connection with OpenID Connect (with automatic discovery)


  1. Connection with OpenID Connect (with automatic discovery)
    1. Project configuration on your identity provider
    2. The information you need
    3. Connection configuration in the CMS

Connection with OpenID Connect (with automatic discovery)

OpenID Connect (with automatic discovery) allows you to use an OIDC identity provider other than Google or Facebook.

Auto-discovery has its limits and only works correctly if the identity provider's "/.well-known/openid-configuration" page contains all the necessary URIs and is up to date.

If this is not the case, you'll need to use the generic authentication mode to enter the data manually.

Project configuration on your identity provider

You'll need to configure the identity provider by declaring the redirect URIs and the scopes that give access to the email address, first name and last name.
You'll get a client ID and a secret code.

The Ametys redirect URIs are:

  • <BOserver_url>/_extra-user-management/oidc-callback
    (<BOserver_url> is, e.g., https://cms.mywebsite.com or https://www.mywebsite.com/cms)
  • <SITEserver_url>/_extra-user-management/oidc-callback
    (Enter it several times if you use several root URLs, such as https://www.mywebsite.com and https://www.otherwebsite.com)

The information you need

This information can, for example, be found on a "/.well-known/openid-configuration" page of the provider in question.
(Google example: https://accounts.google.com/.well-known/openid-configuration).

Find the issuer's URI.

You'll also need to add the "scopes" - in other words, the fields you wish to access. By default, the "openid" scope is already taken into account, so you'll need to add scopes to retrieve the user's name, email and first name, separated by commas.
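
Before relying on auto-discovery, you can check a provider's discovery document for the issuer and scopes described above. The following is an added example, not Ametys code: the list of required endpoints is an assumption based on a standard authorization-code login, "profile" and "email" are the standard OIDC scope names assumed for name and email, and the idp.example documents are constructed samples.

```python
import json
from urllib.parse import urlsplit

# Assumption: endpoints an authorization-code login needs (not Ametys' documented list).
REQUIRED_URIS = ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint")

def discovery_url(issuer):
    """Location of the discovery document for a given issuer URI."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(configured_issuer, document, scopes_field):
    """Return the problems that would make auto-discovery unreliable."""
    problems = []
    # The advertised issuer must be identical to the issuer URI entered in the client.
    if document.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: document says {document.get('issuer')!r}")
    for key in REQUIRED_URIS:
        value = document.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).scheme != "https" or not urlsplit(value).netloc:
            problems.append(f"{key} is not an absolute https URI: {value!r}")
    # scopes_supported is optional, so only compare when the provider advertises it.
    advertised = document.get("scopes_supported")
    wanted = [s.strip() for s in scopes_field.split(",") if s.strip()]
    if advertised is not None:
        problems += [f"scope not advertised: {s}" for s in wanted if s not in advertised]
    return problems

# Constructed sample documents for a hypothetical provider (not real provider output).
GOOD_DOC = json.loads("""{
  "issuer": "https://idp.example",
  "authorization_endpoint": "https://idp.example/authorize",
  "token_endpoint": "https://idp.example/token",
  "userinfo_endpoint": "https://idp.example/userinfo",
  "jwks_uri": "https://idp.example/jwks",
  "scopes_supported": ["openid", "profile", "email"]
}""")
BAD_DOC = json.loads("""{
  "issuer": "https://idp.example/",
  "authorization_endpoint": "https://idp.example/authorize",
  "token_endpoint": "http://idp.example/token",
  "jwks_uri": "https://idp.example/jwks",
  "scopes_supported": ["openid", "email"]
}""")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery("https://idp.example", doc, "profile,email"))
```

An empty list means the document passes these checks; any reported problem is a reason to use the generic authentication mode and enter the data manually.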

Connection configuration in the CMS

Go to the CMS administrator area (_admin) and add a new user identification type to an existing or new population.

In "Authentication mode", select "OpenID Connect (with automatic discovery)".

In "Customer identifier OpenId" and "Secret key" enter your ClientID and secret code respectively, as generated earlier.

In "Open Id issuer URI", enter the issuer URI found above.

Then click on "Finish".

Your users can now log in using the OIDC provider.
