BigBlueButton¶
Presentation¶
BigBlueButton is a web conferencing system designed for online learning. It offers audio/video sharing, presentations with extended whiteboard capabilities - such as a pointer, zooming and drawing - public and private chat, breakout rooms, screen sharing, integrated VoIP using FreeSWITCH, and support for presentation of PDF documents and Microsoft Office documents.
Its user-facing interface, Greenlight, can be configured to authenticate users with OpenID Connect since version 2.7.17.
Configuration¶
LL:NG¶
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server
Make sure you have generated a set of signing keys in
OpenID Connect Service
» Security
» Keys
You also need to set a Signing key ID to a non-empty value of your choice.
Then, add a Relaying Party with the following configuration
Options » Authentification » Client ID : choose a client ID, such as
my_client_id
Options » Authentification » Client Secret : choose a client secret, such as
my_client_secret
Options » Allowed redirection address :
https://my_greenlight_server/b/auth/openid_connect/callback
Options » ID Token Signature Algorithm :
RS256
Adjust your Exported Attributes to send the correct session variables in the
email
andname
claims.
Greenlight¶
Configure the following environment variables in your greenlight .env file
OPENID_CONNECT_CLIENT_ID=my_client_id
OPENID_CONNECT_CLIENT_SECRET=my_client_secret
OPENID_CONNECT_ISSUER=https://auth.example.com
OPENID_CONNECT_UID_FIELD=sub
OAUTH2_REDIRECT=https://my_greenlight_server/b/
Notes¶
Your ID Token Signature Algorithm has to be RSxxx, symmetric algorithms seem broken as of Greenlight 2.7.17
OAUTH2_REDIRECT
must match the URL you use to access Greenlight. theauth/openid_connect/callback
suffix must be omittedGreenlight requires your LemonLDAP::NG server to be served over HTTPS using a publically recognized certificate authority (such as Let’s Encrypt)