adding authentik setup to openid-examples, some work in documentation
Some checks failed
continuous-integration/drone/pr Build is failing
This commit is contained in:
parent
06c849bf81
commit
690302ac46
|
@ -317,7 +317,7 @@ auth:
|
|||
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
||||
clientsecret:
|
||||
# The scope necessary to use oidc.
|
||||
# If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/)
|
||||
# If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/).
|
||||
# e.g. scope: openid email profile vikunja_scope
|
||||
scope: openid email profile
|
||||
|
||||
|
|
|
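Review bot: The rewritten comment above `scope:` only gains a trailing period and keeps the inconsistent casing ("Feature", "vikunja teams", "oidc") and the awkward "create and assign to vikunja teams". Suggest something like "If you want to use the feature to create and assign Vikunja teams via OIDC, add the custom `vikunja_scope` scope and see https://vikunja.io/docs/openid/". The markdown link syntax `[openid.md](...)` is not rendered inside a YAML comment, so a bare URL reads better in the sample config.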
@ -88,3 +88,20 @@ Keycloak Config:
|
|||
- Set `Root Url` to `https://vikunja.mydomain.com`
|
||||
- Set `Valid redirect URIs` to `/auth/openid/keycloak`
|
||||
- Create the client the navigate to the credentials tab and copy the `Client secret`
|
||||
|
||||
## authentik
|
||||
|
||||
Vikunja Config:
|
||||
```yaml
|
||||
openid:
|
||||
enabled: true
|
||||
redirecturl: <frontend url>/auth/openid/
|
||||
providers:
|
||||
- name: authentiklogin
|
||||
authurl: http://localhost:9000/application/o/vikunja/
|
||||
logouturl: http://localhost:9000/if/session-end/vikunja/
|
||||
clientid: <vikunja-id>
|
||||
clientsecret: <vikunja secret>
|
||||
scope: openid email profile
|
||||
```
|
||||
|
||||
|
|
|
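Review bot: The new authentik example uses plain `http://localhost:9000` for both `authurl` and `logouturl`, and readers tend to copy documentation values as they are. The Keycloak section just above uses an `https://` hostname, so an HTTPS placeholder such as `https://<your authentik url>/application/o/vikunja/` would be consistent and avoids suggesting that the client secret and tokens travel over unencrypted HTTP. The section also gives only the Vikunja side, while the Keycloak section lists provider-side settings such as `Valid redirect URIs`; adding the matching authentik settings would make the example complete. Minor: the placeholders `<vikunja-id>` and `<vikunja secret>` use different separators.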
@ -14,7 +14,7 @@ Teams which exist only because they were created from oidc attributes are not ed
|
|||
|
||||
To distinguish between teams created in Vikunja and teams generated automatically via oidc, generated teams have an `oidcID` assigned internally.
|
||||
|
||||
You need to make sure the OpenID provider has the `vikunja_groups` scope via your custom scope since this is the key Vikunja is looking for to start the procedure.
|
||||
You need to make sure the OpenID provider has the `vikunja_groups` scope via your custom scope since this is the key, which is looked up by Vikunja to start the procedure.
|
||||
|
||||
Additionally, make sure to deliver an `oidcID` and a `name` attribute in the oidc token.
|
||||
|
||||
|
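Review bot: The rewritten sentence still calls `vikunja_groups` both a "scope" and "the key", while the config comment and the authentik steps name the custom scope `vikunja_scope`. Please state which identifier is the scope to request and which is the key Vikunja looks up in the token, so readers do not configure the wrong name. The new wording "the key, which is looked up by Vikunja" is also heavier than the sentence it replaces; the active form "the key Vikunja looks for" reads better.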
@ -26,7 +26,7 @@ To use Authentik's group assignment feature, follow these steps:
|
|||
|
||||
1. Edit [your config]({{< ref "config.md">}}) to include the following scopes: `openid profile email vikunja_scope`
|
||||
2. Open `<your authentik url>/if/admin/#/core/property-mappings`
|
||||
3. Create a new mapping called `vikunja_scope`. There is a field to enter python expressions that will be delivered with the oidc token.
|
||||
3. Create a new property mapping called `vikunja_scope` as scope mapping. There is a field `expression` to enter python expressions that will be delivered with the oidc token.
|
||||
4. Write a small script like the following to add group information to `vikunja_scope`:
|
||||
|
||||
```python
|
||||
|
|
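Review bot: In the rewritten step 3, "python expressions that will be delivered with the oidc token" is imprecise, since what the token carries is the result of the expression, not the expression itself. Suggest "Create a new scope mapping called `vikunja_scope`. Its `expression` field takes a Python expression whose result is delivered with the OIDC token." It would also help to say whether `vikunja_scope` must be the mapping's name, its scope name, or both, since step 1 requests it as a scope.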