feat: support both authentik and keycloak
parent
0c691d8f40
commit
525ed5ab4e
|
@ -10,6 +10,9 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||||
SECRET_ADMIN_PASSWORD_VERSION=v1
|
SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
# SSO_ENABLED=0
|
# SSO_ENABLED=0
|
||||||
|
## only set one of those depending on which SSO you're using
|
||||||
|
# SSO_AUTHENTIK=1
|
||||||
|
# SSO_KEYCLOAK=0
|
||||||
# SSO_PROVIDER_URL=https://sso.example.org/
|
# SSO_PROVIDER_URL=https://sso.example.org/
|
||||||
# SSO_SAML_URL=https://sso.example.org/application/saml/<application-slug>/sso/binding/redirect/
|
# SSO_SAML_URL=https://sso.example.org/application/saml/<application-slug>/sso/binding/redirect/
|
||||||
# SSO_LOGOUT_URL=https://sso.example.org/if/session-end/<application-slug>/
|
# SSO_LOGOUT_URL=https://sso.example.org/if/session-end/<application-slug>/
|
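Review bot: The new comment `## only set one of those depending on which SSO you're using` does not say what happens when neither variable is set, and the sample shows `SSO_KEYCLOAK=0` although the template changed in this commit only tests for the value `1`. I would spell the contract out, for example `## set exactly one of these to 1 when SSO_ENABLED=1; with neither set, no SAML attribute/role mapping is rendered`. The `SSO_SAML_URL` and `SSO_LOGOUT_URL` examples kept below look like Authentik-style paths, so a Keycloak example or a remark that they are Authentik-specific would save Keycloak users a misconfigured login or logout endpoint.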
||||||
|
|
2
abra.sh
2
abra.sh
|
@ -1,5 +1,5 @@
|
||||||
export ENTRYPOINT_CONF_VERSION=v1
|
export ENTRYPOINT_CONF_VERSION=v1
|
||||||
export LOCAL_CONF_VERSION=v2
|
export LOCAL_CONF_VERSION=v3
|
||||||
|
|
||||||
create_admin () {
|
create_admin () {
|
||||||
export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
|
export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
|
||||||
|
|
|
@ -3,6 +3,17 @@ kimai:
|
||||||
saml:
|
saml:
|
||||||
activate: true
|
activate: true
|
||||||
title: Login with SAML
|
title: Login with SAML
|
||||||
|
{{ if eq env "SSO_AUTHENTIK"} "1" }}
|
||||||
|
mapping:
|
||||||
|
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email }
|
||||||
|
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias }
|
||||||
|
roles:
|
||||||
|
attribute: http://schemas.xmlsoap.org/claims/Group
|
||||||
|
resetOnLogin: true
|
||||||
|
attribute: Roles
|
||||||
|
mapping:
|
||||||
|
- { saml: admin.group, kimai: ROLE_ADMIN }
|
||||||
|
{{ else if eq (env "SSO_KEYCLOAK") "1" }}
|
||||||
mapping:
|
mapping:
|
||||||
- { saml: $Email, kimai: email }
|
- { saml: $Email, kimai: email }
|
||||||
- { saml: $FirstName $LastName, kimai: alias }
|
- { saml: $FirstName $LastName, kimai: alias }
|
||||||
|
@ -12,6 +23,7 @@ kimai:
|
||||||
mapping:
|
mapping:
|
||||||
- { saml: Admins, kimai: ROLE_ADMIN }
|
- { saml: Admins, kimai: ROLE_ADMIN }
|
||||||
- { saml: Management, kimai: ROLE_TEAMLEAD }
|
- { saml: Management, kimai: ROLE_TEAMLEAD }
|
||||||
|
{{ end }}
|
||||||
connection:
|
connection:
|
||||||
# You SAML provider
|
# You SAML provider
|
||||||
# Your Authentik instance, replace https://authentik.company with your authentik URL
|
# Your Authentik instance, replace https://authentik.company with your authentik URL
|
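Review bot: The opening condition `{{ if eq env "SSO_AUTHENTIK"} "1" }}` is malformed, with a stray `}` and no parentheses around the `env` call, so the template will most likely fail to parse; it should mirror the Keycloak branch as `{{ if eq (env "SSO_AUTHENTIK") "1" }}`. There is also no plain `{{ else }}` branch, so with `activate: true` and neither variable set to `1` the SAML block is rendered without any attribute or role mapping; a default branch or a startup check would be safer than relying on the release note alone. In the Authentik branch `attribute:` appears twice after `roles:` (the `claims/Group` URI and `Roles`). Indentation is lost on this page, but if both keys sit in the same mapping one silently overrides the other, and that decides which assertion attribute grants `ROLE_ADMIN`, so only the intended one should remain.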
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
If you have SSO enabled this upgrade will break unless you add
|
||||||
|
`SSO_KEYCLOAK=1` or `SSO_AUTHENTIK=1` in your env file for kimai!
|
||||||
|
This allows us to support both SSO methods
|
||||||
|
|
||||||
|
knoflook @ kotec.pl
|