Bluemind
Presentation
Bluemind is a groupware application that can use both the
OpenID Connect or CAS protocols.
It is recommended to use the more secure OpenID Connect protocol.
Configuration
LL:NG
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.
Make sure you have generated a set of signing keys in
OpenID Connect Service » Security » Keys
You also need to set a Signing key ID to a non-empty value of your choice.
Then, add a Relying Party with the following configuration:
Options » Basic » Client ID : choose a client ID, such as
my_client_idOptions » Basic » Client Secret : choose a client secret, such as
my_client_secretOptions » Basic » Allowed redirection address :
https://bluemind.example.com/auth/openidOptions » Advanced » Force claims to be returned in ID Token :
OnOptions » Advanced » Use JWT format for Access Token:
OnOptions » Advanced » Release claims in Access Token:
OnOptions » Algorithms » ID Token Signature Algorithm :
RS256Options » Scope » Scope rules » email :
1
Define exported attributes:
email: The name of the LLNG variable containing the e-mail address, usuallymail.
Bluemind
Refer to the Bluemind documentation to configure your Bluemind server.
third-party OpenID server URL:
https://auth.example.com/.well-known/openid-configurationOpenId customer identifier:
my_client_idfrom LemonLDAP configurationOpenId customer secret:
my_client_secretfrom LemonLDAP configuration