Table of Contents

OpenID server

OpenID protocol is deprecated, you should now use OpenID Connect


LL::NG can act as an OpenID 2.0 Server, that can allow one to federate LL::NG with:

LL::NG is compatible with the OpenID Authentication protocol version 2.0 and version 1.0. It can be used just to share authentication or to share user's attributes following the OpenID Simple Registration Extension 1.0 (SREG) specification.

When LL::NG is configured as OpenID identity provider, users can share their authentication using [PORTAL]/openidserver/[login] where:



In the Manager, go in General Parameters » Issuer modules » OpenID and configure:

For example, to allow only users with a strong authentication level:
$authenticationLevel > 2

Then go in Options to define:

If OpenID login is not set, it uses General Parameters » Logs » REMOTE_USER data, which is set to uid by default

Shared attributes (SREG)

SREG permit the share of 8 attributes:

Each SREG attribute will be associated to a user session key. A session key can be associated to more than one SREG attribute.

If the OpenID consumer ask for data, users will be prompted to accept or not the data sharing.


Note that SAML protocol is more secured than OpenID, so when your partners are known, prefer SAML.