adding authentik setup to openid-examples, some work in documentation
Some checks failed
continuous-integration/drone/pr Build is failing

viehlieb 2024-02-23 12:39:03 +01:00
parent 06c849bf81
commit 690302ac46
4 changed files with 27 additions and 10 deletions


@ -317,7 +317,7 @@ auth:
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
clientsecret:
# The scope necessary to use oidc.
# If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/)
# If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/).
# e.g. scope: openid email profile vikunja_scope
scope: openid email profile
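Review bot: The touched comment line above `# e.g. scope: ...` still writes "Feature", "vikunja teams" and "oidc", while the comment two lines up uses "Vikunja" and "OpenID Connect"; since the line is being edited anyway, align the casing, for example "If you want to use the feature to create and assign Vikunja teams via OIDC, ...". It would also help to say that `vikunja_scope` is a custom scope that has to be defined at the provider first, because the default `scope: openid email profile` below does not include it.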


@ -88,3 +88,20 @@ Keycloak Config:
- Set `Root Url` to `https://vikunja.mydomain.com`
- Set `Valid redirect URIs` to `/auth/openid/keycloak`
- Create the client the navigate to the credentials tab and copy the `Client secret`
## authentik
Vikunja Config:
```yaml
openid:
enabled: true
redirecturl: <frontend url>/auth/openid/
providers:
- name: authentiklogin
authurl: http://localhost:9000/application/o/vikunja/
logouturl: http://localhost:9000/if/session-end/vikunja/
clientid: <vikunja-id>
clientsecret: <vikunja secret>
scope: openid email profile
```
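Review bot: `authurl` and `logouturl` in the authentik example point at `http://localhost:9000`, so a reader who copies the block ends up with a login flow over plain HTTP and a host name that only works when everything runs on one machine. Suggest a placeholder such as `<your authentik url>/application/o/vikunja/` (the form the group-assignment steps already use) with a remark that it should be an `https` URL, matching the `https://vikunja.mydomain.com` style of the Keycloak section. The section also gives no authentik-side settings: the Keycloak section lists `Valid redirect URIs` as `/auth/openid/keycloak`, so state which redirect URI has to be registered in authentik for the `authentiklogin` provider. A blank line before `## authentik` would keep the heading from attaching to the preceding list item.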


@ -14,7 +14,7 @@ Teams which exist only because they were created from oidc attributes are not ed
To distinguish between teams created in Vikunja and teams generated automatically via oidc, generated teams have an `oidcID` assigned internally.
You need to make sure the OpenID provider has the `vikunja_groups` scope via your custom scope since this is the key Vikunja is looking for to start the procedure.
You need to make sure the OpenID provider has the `vikunja_groups` scope via your custom scope since this is the key, which is looked up by Vikunja to start the procedure.
Additionally, make sure to deliver an `oidcID` and a `name` attribute in the oidc token.
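Review bot: The reworded sentence still calls `vikunja_groups` a scope ("has the `vikunja_groups` scope via your custom scope"), while the config comment and the authentik steps name the custom scope `vikunja_scope`. If `vikunja_groups` is the key delivered inside that scope, say so directly, e.g. "make sure the custom scope `vikunja_scope` delivers a `vikunja_groups` key, since this is the key Vikunja looks up to start the procedure". The new wording "the key, which is looked up by Vikunja" also adds a stray comma and a passive construction where the old line was direct.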
@ -26,7 +26,7 @@ To use Authentik's group assignment feature, follow these steps:
1. Edit [your config]({{< ref "config.md">}}) to include the following scopes: `openid profile email vikunja_scope`
2. Open `<your authentik url>/if/admin/#/core/property-mappings`
3. Create a new mapping called `vikunja_scope`. There is a field to enter python expressions that will be delivered with the oidc token.
3. Create a new property mapping called `vikunja_scope` as scope mapping. There is a field `expression` to enter python expressions that will be delivered with the oidc token.
4. Write a small script like the following to add group information to `vikunja_scope`:
```python