feat: support both authentik and keycloak

knoflook 2023-03-14 13:19:50 +01:00
parent 0c691d8f40
commit 525ed5ab4e
4 changed files with 21 additions and 1 deletions


@ -10,6 +10,9 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1
# SSO_ENABLED=0
## only set one of those depending on which SSO you're using
# SSO_AUTHENTIK=1
# SSO_KEYCLOAK=0
# SSO_PROVIDER_URL=https://sso.example.org/
# SSO_SAML_URL=https://sso.example.org/application/saml/<application-slug>/sso/binding/redirect/
# SSO_LOGOUT_URL=https://sso.example.org/if/session-end/<application-slug>/


@ -1,5 +1,5 @@
export ENTRYPOINT_CONF_VERSION=v1
export LOCAL_CONF_VERSION=v2
export LOCAL_CONF_VERSION=v3
create_admin () {
export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"


@ -3,6 +3,17 @@ kimai:
saml:
activate: true
title: Login with SAML
{{ if eq env "SSO_AUTHENTIK"} "1" }}
mapping:
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email }
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias }
roles:
attribute: http://schemas.xmlsoap.org/claims/Group
resetOnLogin: true
attribute: Roles
mapping:
- { saml: admin.group, kimai: ROLE_ADMIN }
{{ else if eq (env "SSO_KEYCLOAK") "1" }}
mapping:
- { saml: $Email, kimai: email }
- { saml: $FirstName $LastName, kimai: alias }
@ -12,6 +23,7 @@ kimai:
mapping:
- { saml: Admins, kimai: ROLE_ADMIN }
- { saml: Management, kimai: ROLE_TEAMLEAD }
{{ end }}
connection:
# You SAML provider
# Your Authentik instance, replace https://authentik.company with your authentik URL
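Review bot: The Authentik branch opens with `{{ if eq env "SSO_AUTHENTIK"} "1" }}`, which has a stray `}` and no parentheses around the `env` call, so the template will most likely fail to parse; it should mirror the Keycloak branch as `{{ if eq (env "SSO_AUTHENTIK") "1" }}`. The `roles:` block in that same branch sets `attribute:` twice (the Group claim URI and then `Roles`), which a YAML parser either rejects or resolves by silently keeping the last value; because this attribute decides who is mapped to `ROLE_ADMIN`, only the intended key should remain. There is also no `{{ else }}` branch, so with SAML active and neither variable set to 1 the file appears to render with no attribute or role mapping at all; an explicit failure or a documented default would be safer than a silently empty mapping. If both variables are set to 1 the Authentik branch wins without warning, which is worth a comment next to the condition. The Keycloak role lines between the two hunks are not visible here.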


@ -0,0 +1,5 @@
If you have SSO enabled this upgrade will break unless you add
`SSO_KEYCLOAK=1` or `SSO_AUTHENTIK=1` in your env file for kimai!
This allows us to support both SSO methods
knoflook @ kotec.pl