Multiple authentication providers

This document applies to version 4.0 P23 and above.

Configuration

The authentication providers are to be configured as the AUTH_PROVIDERS system parameter, e.g.

[
    { "type": "internal", "name": "simplicite", "visible": false },
    { "type": "oauth2", "name": "google", "label": "Sign in with Google OAuth2 IdP", "sync": true, "client_id": "<my client ID>", "client_secret": "<my client secret>" },
    { "type": "saml", "name": "google", "label": "Sign in with Google SAML IdP", "sync": true }
    { "type": "ldap", "name": "openldap" }
]

The specific settings (ex: the OAuth2 client ID) may either be configured:

Common settings

The JSON settings include the common attributes:

Note : You can also customize/add a custom logo for a given provider on the provider choice page by configuring an SVG image resource named <type (in uppercase)>_SIGNIN_<name (in uppercase)> (e.g. LDAP_SIGNIN_MYOPENLDAP

Specific settings

The other settings depends on the provider's type, please refer to the following document for details:

Troubleshooting

To investigate authentication issues you can temporarly activate the DAUTHCS001 log event.

Make sure to déactivate it once your investigation is done as it produces rather verbose output.