What is OpenID authentication?
If you are not familiar with OpenID:
OpenID is a decentralized authentication protocol that makes it easy for people to sign up and access web accounts.
From a Nuxeo user's point of view, it lets you log in with an existing OpenID provider account. No password needed, just make sure the user exists in Nuxeo with the same email address as the one on your OpenID provider account. Here's an example:
I have an existing Nuxeo user whose email is [email protected]. Gmail is an OpenID provider, and I've configured Nuxeo to use it as one. When I am on the login page, I now have a new choice: a "Sign in with Gmail" button. It takes me to Gmail, which asks me whether I want to sign in to Nuxeo, or asks me to sign in to Gmail first if I have not already and then to sign in to Nuxeo. And that's it, you're in. No username/password needed.
Configure a New OpenID Provider
As usual, there is a dedicated extension point. Here's the default configuration for Gmail from the OpenID addon.
<component name="org.nuxeo.ecm.platform.oauth2.openid.google" version="1.0">
<description>Login using your Google account</description>
This configuration is incomplete: you still need to specify the clientID and the clientSecret. Your OpenID provider (in this case Google) gives them to you when you register an application through its developer console, which means you first need to declare your Nuxeo web application to Google. To do that, go to https://code.google.com/apis/console, then click on API Access, Create and Web Application. This shared clientID/clientSecret pair is needed so that your Nuxeo server and your OpenID provider (e.g. Google) can trust each other.
So, once you have the clientID/clientSecret, create nxserver/config/openid-config.xml with the following content:
<component name="org.nuxeo.ecm.platform.oauth2.openid.google.testing" version="1.0">
<extension target="org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProviderRegistry" point="providers">
<clientId><!--enter your clientId here --></clientId>
<clientSecret><!--enter your clientSecret key here --></clientSecret>
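A pre-deployment check for the file described above, as an added example that is not part of the original page or of Nuxeo: it flags a clientId or clientSecret still left as the template placeholder, and a file mode that lets other local accounts read the shared secret. The function names, the sample values and the owner-only file-mode policy are assumptions; the sample XML is constructed from the lines shown on this page, with closing tags added so that it parses.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

REQUIRED = ("clientId", "clientSecret")

def check_openid_config(path):
    """Return a list of findings for a provider contribution file."""
    findings = []
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    for tag in REQUIRED:
        elems = list(root.iter(tag))  # found at any nesting depth
        if not elems:
            findings.append(f"<{tag}> is missing")
        for el in elems:
            # The parser drops comments, so a comment-only element has no text.
            if not "".join(el.itertext()).strip():
                findings.append(f"<{tag}> is empty or still the placeholder")
    # Assumed policy: only the server account may access the shared secret.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:03o} lets group/others access the secret")
    return findings

def write_sample(client_id, client_secret, mode):
    """Write a constructed sample config to a temp file and return its path."""
    xml = f"""<component name="org.nuxeo.ecm.platform.oauth2.openid.google.testing" version="1.0">
  <extension target="org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProviderRegistry" point="providers">
    <clientId>{client_id}</clientId>
    <clientSecret>{client_secret}</clientSecret>
  </extension>
</component>"""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as fh:
        fh.write(xml)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed input: the template exactly as copied, world-readable.
    sample = write_sample("<!--enter your clientId here -->",
                          "<!--enter your clientSecret key here -->", 0o644)
    for finding in check_openid_config(sample):
        print(finding)
    os.remove(sample)
```
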