OpenID Connect
The login method of Lime Forms can be changed to OpenID Connect (OIDC). To use OIDC as the login method you need:
- An OIDC provider with an application set up
- A database containing the users, connected to the OIDC application
A consultant then needs to update your application environment to use OIDC as the login method.
OIDC configuration
OIDC credentials you need to provide to the consultant
- OIDC provider: URL to the OIDC provider
- OIDC provider client id: Client id from the provider
- OIDC provider client secret: Client secret from the provider
Available optional customizations for Forms OIDC
- JIT provisioning of users: Create the user automatically in the Forms database if it does not already exist (the check for an existing user is made against the configured oidc_id_property).
- OIDC id property: The identifier property from the provider to map against. This is used to determine whether the user already exists in the Forms database (sub by default).
- OIDC email property: The email property from the OIDC provider to map against the email used in Forms (email by default).
- OIDC name property: The name property from the provider to map against (name by default).
- Provider config cache for X amount of time: How long the OIDC provider config should be cached by the application (12 hours by default).
Map existing Forms users to users from the OIDC provider
In the Forms database the user email is considered unique. If you switch from normal login to OIDC but want to keep the user history, you might need to map provider ids to the already existing users in Forms.
- As a logged-in admin in Forms, visit the Users page in the UI (/admin/users)
- In the users table, add the id from the provider to the desired user
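
How the id, email and name properties, JIT provisioning and the admin mapping step fit together, as an added illustrative sketch in Python (not Lime Forms code). The UserStore schema, the function names, the outcome strings and the rejection on an email collision are assumptions; the claims are taken to be already validated.

```python
from dataclasses import dataclass, field

@dataclass
class OidcSettings:
    id_property: str = "sub"        # defaults as listed on this page
    email_property: str = "email"
    name_property: str = "name"
    jit_provisioning: bool = False

@dataclass
class UserStore:
    """Hypothetical stand-in for the Forms users table."""
    users: list = field(default_factory=list)

    def find(self, key, value):
        return next((u for u in self.users if u.get(key) == value), None)

def resolve_user(claims, settings, store):
    """Map already-validated ID token claims to a user; returns (outcome, user)."""
    pid = claims.get(settings.id_property)
    if not pid:
        return "rejected: id property missing", None
    user = store.find("provider_id", pid)
    if user:
        return "matched", user
    if not settings.jit_provisioning:
        return "rejected: unknown user", None
    email = claims.get(settings.email_property)
    if not email:
        return "rejected: email property missing", None
    if store.find("email", email):
        # Email is unique, so no second record is created; an admin has to
        # add the provider id to the existing user (assumed behaviour).
        return "rejected: email exists, map provider id first", None
    user = {"provider_id": pid, "email": email,
            "name": claims.get(settings.name_property, "")}
    store.users.append(user)
    return "created", user

def demo():
    """Constructed sample data: one pre-OIDC user without a provider id."""
    store = UserStore([{"provider_id": None, "email": "ada@example.com", "name": "Ada"}])
    cfg = OidcSettings(jit_provisioning=True)
    ada = {"sub": "idp|1001", "email": "ada@example.com", "name": "Ada"}
    bob = {"sub": "idp|1002", "email": "bob@example.com", "name": "Bob"}
    before = resolve_user(ada, cfg, store)[0]
    store.users[0]["provider_id"] = "idp|1001"   # the admin mapping step
    after = resolve_user(ada, cfg, store)[0]
    return before, after, resolve_user(bob, cfg, store)[0], len(store.users)
```

The sketch matches on the provider id only and never links an account by email alone, so an existing user keeps their history only after the provider id has been added to their record.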