add openid.md as readme for feature: 950 assigning group through oidc claim
parent 8652cf9874
commit 263250a705
|
@ -1,14 +1,14 @@
|
|||
regarding:
|
||||
https://kolaente.dev/vikunja/api/pulls/1279
|
||||
|
||||
# Assign teams via oidc
|
||||
Adds the functionality to assign users to teams via oidc.
|
||||
This PR adds the functionality to assign users to teams via oidc.
|
||||
Read carefully and brief your administrators to use this feature.
|
||||
You need to configure your oidc provider as explained in the documentation below to make this feature work.
|
||||
Tested with oidc provider authentik.
|
||||
To distinguish between teams created in vikunja and teams generated via oidc, a string attribute for vikunja teams is introduced, which is called: *oidcID*
|
||||
You should conigure your provider to send an oidcID to vikunja.
|
||||
To distinguish between groups created in vikunja and groups generated via oidc, there is an attribute neccessary, which is called: *oidcID*
|
||||
|
||||
## Setup
|
||||
|
||||
Edit [config.yml](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) to include scope: openid profile email vikunja_scope
|
||||
Edit config.yml to include scope: openid profile email vikunja_scope
|
||||
|
||||
For authentik to use group assignment feature:
|
||||
- go to: .../if/admin/#/core/property-mappings
|
||||
|
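Review bot: Two spelling errors sit in the intro of this hunk: "conigure" in "You should conigure your provider to send an oidcID to vikunja." and "neccessary" in the line ending "there is an attribute neccessary, which is called: *oidcID*". Fix whichever of these ends up in the committed file. The two "To distinguish between ..." sentences also use "teams" and "groups" for the same object, so settle on one term. In the Setup line, name the config.yml key that takes the value "openid profile email vikunja_scope", so administrators can match it against the scope configured at the provider.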
@ -50,12 +50,21 @@ You should see "the description you entered in the oidc provider's admin area"
|
|||
- You will see "(sso: XXXXX)" written next to each team you were asigned through oidc.
|
||||
|
||||
|
||||
## IMPORTANT NOTES:
|
||||
## IMPORTANT NOTES:
|
||||
<<<<<<< HEAD
|
||||
* **SSO/OIDC teams cannot be edited.**
|
||||
|
||||
* **It is crucial to call the element "vikunja_groups" since this is the name vikunja is looking for.**
|
||||
|
||||
* **Additionally, make sure to deliver an "oidcID" and a "name".**
|
||||
=======
|
||||
**SSO/OIDC teams cannot be edited.**
|
||||
|
||||
**It is crucial to call the element "vikunja_groups" since this is the name vikunja is looking for.**
|
||||
|
||||
**Additionally, make sure to deliver an "oidcID" and a "name".**
|
||||
|
||||
>>>>>>> 8d46490d... add openid.md as readme for feature: 950 assigning group through oidc claim
|
||||
|
||||
|
||||
|
||||
|
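Review bot: Unresolved merge conflict markers are committed into the readme under "## IMPORTANT NOTES:": the lines "<<<<<<< HEAD", "=======" and ">>>>>>> 8d46490d... add openid.md as readme for feature: 950 assigning group through oidc claim" are part of the file content, together with both copies of the three notes. Resolve the conflict by keeping one version of the notes (the bulleted one is easier to scan), delete the three marker lines, and check that the "## IMPORTANT NOTES:" heading appears only once afterwards. While in this section, "asigned" in the "(sso: XXXXX)" line should read "assigned".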
@ -89,7 +98,7 @@ nothing happens
|
|||
You'll get error.
|
||||
Custom Scope malformed
|
||||
"The custom scope set by the OIDC provider is malformed. Please make sure the openid provider sets the data correctly for your scope. Check especially to have set an oidcID."
|
||||
|
||||
|
||||
7. *In Vikunja I am in "team 3" with oidcID "", but the token does not deliver any data for "team 3":* \
|
||||
You will stay in team 3 since it was not set by the oidc provider
|
||||
|
||||
|
|
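Review bot: The malformed-scope case says only "You'll get error." and quotes the message, without stating whether the login itself is refused or the user is logged in with no team changes applied. Say which, because administrators need to know what a user with a malformed claim can still reach. For case 7, spell out the rule behind the answer: a team whose oidcID is "" counts as created in Vikunja and is left untouched by the OIDC assignment, which is what "since it was not set by the oidc provider" implies. The stray trailing backslash at the end of the case 7 question line can go if a plain line break is intended.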