OIDC: Connection with OpenID Connect (generic)


  1. Login with OpenID Connect generic
    1. Identity provider project configuration
    2. The information you need
    3. Connection configuration in the CMS

Login with OpenID Connect generic

The OpenID Connect (generic) connection lets you use an OIDC identity provider other than Google or Facebook, by manually entering a few parameters.

If your OIDC identity provider supports it, we recommend the auto-discovery authentication mode instead: it reads these parameters from the provider's discovery document rather than having you enter them by hand.

Identity provider project configuration

You'll need to configure your identity provider: register the Ametys redirect URIs and grant the scopes that give access to the user's email address and first and last names (in standard OIDC these are the openid, email and profile scopes). The provider will give you a client ID and a client secret.

The Ametys redirect URIs are:

  • <BOserver_url>/_extra-user-management/oidc-callback
    (<BOserver_url> is the back-office URL, for example https://cms.mywebsite.com or https://www.mywebsite.com/cms)
  • <SITEserver_url>/_extra-user-management/oidc-callback
    (register this once per root URL if you use several, for example https://www.mywebsite.com and https://www.otherwebsite.com)

Register them exactly as the CMS will send them (scheme, host, port and path): providers compare the redirect_uri of each request against the registered list and reject any that does not match.

The information you need

This information is published by the identity provider in its discovery document, at "/.well-known/openid-configuration" under the issuer URL.
(Example with Google: https://accounts.google.com/.well-known/openid-configuration ).

You will need the following URIs:

  • The authorization URI (authorization_endpoint in the discovery document), to which the user is sent to sign in at the provider.
  • The token request URI (tokenEndpoint), used to exchange the authorization code for an access token and an identification token (ID token).
  • The "issuer" URI and the "jwkSetURL" (jwks_uri), used to validate the signed identification token: its issuer claim must equal the issuer URI and its signature is checked against the keys published at jwkSetURL.
  • The userInfoEndpoint URI, used to retrieve the user's information (email, first and last names).
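As an added illustration, and not code from Ametys, the Python script below shows how a practitioner would pull the values above out of a provider's discovery document, check that its issuer matches the URL it was fetched from, and build the authorization request whose answer arrives at one of the registered redirect URIs listed earlier (it covers both that registration step and the discovery step). The discovery document, the provider idp.example.org and the client ID are constructed for the example; the field names are this page's, not Ametys' internal ones.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample discovery document for a hypothetical provider
# (idp.example.org is not a real IdP); only the fields this page needs.
SAMPLE_DISCOVERY_URL = "https://idp.example.org" + WELL_KNOWN
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.org",
    "authorization_endpoint": "https://idp.example.org/oauth2/authorize",
    "token_endpoint": "https://idp.example.org/oauth2/token",
    "jwks_uri": "https://idp.example.org/oauth2/keys",
    "userinfo_endpoint": "https://idp.example.org/oauth2/userinfo",
    "scopes_supported": ["openid", "email", "profile"],
})

# Discovery-document key -> name of the field as this page calls it.
FIELD_NAMES = {
    "authorization_endpoint": "authorization URI",
    "token_endpoint": "tokenEndpoint",
    "issuer": "issuer",
    "jwks_uri": "jwkSetURL",
    "userinfo_endpoint": "userInfoEndpoint",
}


def extract_oidc_fields(discovery_json, discovery_url):
    """Pull the URIs the CMS form asks for out of a discovery document.

    Two checks worth doing before pasting values into the form: the
    'issuer' must equal the discovery URL minus the well-known suffix
    (OIDC Discovery, section 4.3), and every endpoint must be https.
    """
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not a discovery URL: " + discovery_url)
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    doc = json.loads(discovery_json)
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    fields = {}
    for key, name in FIELD_NAMES.items():
        value = doc.get(key)
        if not isinstance(value, str) or urlparse(value).scheme != "https":
            raise ValueError(f"{key} missing or not https: {value!r}")
        fields[name] = value
    return fields


def redirect_uri_allowed(registered, candidate):
    """Exact-match comparison, the way a provider should treat redirect URIs.

    Each root URL the site uses must be registered separately; prefix or
    host-only matching would let an attacker-chosen path receive the code.
    """
    return candidate in registered


def build_authorization_url(fields, client_id, redirect_uri,
                            state=None, nonce=None,
                            scopes=("openid", "email", "profile")):
    """Authorization-code request the CMS sends the browser to.

    state ties the callback to this browser session (CSRF protection);
    nonce is echoed in the ID token and must be checked there.
    """
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    }
    return fields["authorization URI"] + "?" + urlencode(params), state, nonce


if __name__ == "__main__":
    found = extract_oidc_fields(SAMPLE_DISCOVERY, SAMPLE_DISCOVERY_URL)
    for name, uri in found.items():
        print(f"{name:18} {uri}")
    registered = {
        "https://cms.mywebsite.com/_extra-user-management/oidc-callback",
        "https://www.mywebsite.com/_extra-user-management/oidc-callback",
    }
    callback = "https://www.mywebsite.com/_extra-user-management/oidc-callback"
    assert redirect_uri_allowed(registered, callback)
    url, _, _ = build_authorization_url(found, "my-client-id", callback)
    print(url)
```

The issuer check is what stops a discovery document served from one host from pointing the CMS at another party's endpoints, and the exact-match redirect check is why each root URL of the site has to be registered on its own.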

Connection configuration in the CMS

Go to the CMS administrator area (_admin) and add a new user identification type to an existing or new population.

In "Authentication mode", select "OpenID Connect (generic)".

In "Client ID OpenId" and "Secret Key" enter the client ID and client secret respectively, as obtained from the provider earlier.
Then enter the URIs in the corresponding fields.

Your users can now log in using the OIDC identity provider.
