switch to keycloak as oauth method

abra.sh

@@ -1,7 +1,7 @@
 export ENTRYPOINT_CONF_VERSION=v1
-export LOCAL_CONF_VERSION=v1
+export LOCAL_CONF_VERSION=v2
 
 create_admin () {
     export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
-    /opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN 
+    /opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN
 }

local.yaml.tmpl

@@ -4,13 +4,14 @@ kimai:
     activate: true
     title: Login with SAML
     mapping:
-      - { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email }
-      - { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias }
+      - { saml: $Email, kimai: email }
+      - { saml: $FirstName $LastName, kimai: alias }
     roles:
-      attribute: http://schemas.xmlsoap.org/claims/Group
+      resetOnLogin: true
+      attribute: Roles
       mapping:
-      # Insert your roles here (ROLE_USER is added automatically)
-        - { saml: admin.group, kimai: ROLE_ADMIN }
+        - { saml: Admins, kimai: ROLE_ADMIN }
+        - { saml: Management, kimai: ROLE_TEAMLEAD }
     connection:
       # You SAML provider
       # Your Authentik instance, replace https://authentik.company with your authentik URL