add openid.md as readme for feature: 950 assigning group through oidc claim

This commit is contained in:
viehlieb 2023-02-01 16:36:01 +01:00 committed by kolaente
parent 8652cf9874
commit 263250a705
Signed by: konrad
GPG Key ID: F40E70337AB24C9B

@ -1,14 +1,14 @@
regarding:
https://kolaente.dev/vikunja/api/pulls/1279
# Assign teams via oidc
Adds the functionality to assign users to teams via oidc.
This PR adds the functionality to assign users to teams via oidc.
Read carefully and brief your administrators to use this feature.
You need to configure your oidc provider as explained in the documentation below to make this feature work.
Tested with oidc provider authentik.
To distinguish between teams created in vikunja and teams generated via oidc, a string attribute for vikunja teams is introduced, which is called: *oidcID*
You should conigure your provider to send an oidcID to vikunja.
To distinguish between groups created in vikunja and groups generated via oidc, there is an attribute neccessary, which is called: *oidcID*
## Setup
Edit [config.yml](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) to include scope: openid profile email vikunja_scope
Edit config.yml to include scope: openid profile email vikunja_scope
For authentik to use group assignment feature:
- go to: .../if/admin/#/core/property-mappings
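Review bot: The sentence "You should conigure your provider to send an oidcID to vikunja." misspells "configure", and the oidcID sentence that follows it misspells "necessary". The two oidcID sentences also switch between "teams" and "groups" for the same object; the heading says teams, so use that term throughout. Of the two Setup lines, the one that links config.yml.sample is more useful to an administrator, and the scope value `openid profile email vikunja_scope` should be in code formatting so it is clear that vikunja_scope is a literal scope name to configure on the provider.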
@ -50,12 +50,21 @@ You should see "the description you entered in the oidc provider's admin area"
- You will see "(sso: XXXXX)" written next to each team you were asigned through oidc.
## IMPORTANT NOTES:
## IMPORTANT NOTES:
<<<<<<< HEAD
* **SSO/OIDC teams cannot be edited.**
* **It is crucial to call the element "vikunja_groups" since this is the name vikunja is looking for.**
* **Additionally, make sure to deliver an "oidcID" and a "name".**
=======
**SSO/OIDC teams cannot be edited.**
**It is crucial to call the element "vikunja_groups" since this is the name vikunja is looking for.**
**Additionally, make sure to deliver an "oidcID" and a "name".**
>>>>>>> 8d46490d... add openid.md as readme for feature: 950 assigning group through oidc claim
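Review bot: Unresolved merge conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 8d46490d...`) are committed under "IMPORTANT NOTES", so the readme will show the markers and both variants of the three notes. Resolve the conflict and keep a single variant; the bulleted one renders as a list, while the unbulleted one runs the three bold sentences together into one paragraph. While here, fix "asigned" in the "(sso: XXXXX)" line.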
@ -89,7 +98,7 @@ nothing happens
You'll get error.
Custom Scope malformed
"The custom scope set by the OIDC provider is malformed. Please make sure the openid provider sets the data correctly for your scope. Check especially to have set an oidcID."
7. *In Vikunja I am in "team 3" with oidcID "", but the token does not deliver any data for "team 3":* \
You will stay in team 3 since it was not set by the oidc provider
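Review bot: Item 7 leaves the reader to infer from `oidcID ""` why membership in "team 3" is kept. Say explicitly that an empty oidcID marks a team created in Vikunja rather than by the provider, and that only teams carrying an oidcID are managed from the token, since administrators will rely on this to judge whether removing a group at the provider also removes access. The answer line also lacks its closing period.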