coop-cloud/mattermost
coop-cloud/mattermost
1
0
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity

SSO and email support added

Browse Source
This commit is contained in:
marlon 2025-02-10 17:48:48 -05:00
parent 4e635659e1
commit 107bc2fca9
3 changed files with 78 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
README.md
View File

@ -24,5 +24,58 @@
5. `abra app deploy YOURAPPNAME` 5. `abra app deploy YOURAPPNAME`
6. Open the configured domain in your browser to finish set-up 6. Open the configured domain in your browser to finish set-up
## Enable Email
- `abra app config YOURAPPNAME`
- Uncomment the section starting with **Email Support**
- `abra app secret i chat.justiceexchange.org smtp_pass v1 'yourSMTPpassword'`
- `abra app undeploy YOURAPPNAME`
- `abra app deploy YOURAPPNAME`
## Enable SSO with Authentik
This is how to configure your Mattermost server to accept logins from your Authentik SSO provider.
### Configure Authentik
#### Create a property mapping
- Log in as administrator of your Authentik instance
- Go to https://authentik.yourserver.org/if/admin/#/core/property-mappings and choose **Create**
- Choose Scope Mapping
- Name: `Mattermost ID`
- Scope Name: `id`
- Description: *optional own description*
- Expression: `return { "id": request.user.id }`
- Create another Scope Mapping
- Name: `Mattermost Username`
- Scope Name: `username`
- Description: *optional own description*
- Expression: `return { "username": request.user.username }`
#### Create Application and Provider
- Go to https://authentik.yourserver.org/if/admin/#/core/applications and choose **Create With Wizard**
- Application Name: mattermost
- **Next**
- Choose OAuth2/OIDC
- Set Authorization flow: `default-provider-authorization-implicit-consent (Authorize Application)`
- Copy the **Client ID** and **Client Secret**, you'll need them later
- Add Redirect URIs:
- https://mattermost.yourserver.org/login/gitlab/complete
- https://mattermost.yourserver.org/signup/gitlab/complete
- Expand Advanced Protocol Settings
- Under Scopes, select `Mattermost ID` and `Mattermost Username`, and click the > to add them to **Selected Scopes**
- **Submit**
### Configure Mattermost
**WARNING: Following these steps will overwrite the configuration of your Mattermost instance**
- `abra app configure YOURAPPNAME`
- Uncomment the section starting with `## SSO config`
- Set `SSO_ID` to the value you saved when configuring Authentik
- `abra app secret insert YOURAPPNAME mattermost_sso_secret v1 <the authentik provider secret you saved>`
- `abra app undeploy YOURAPPNAME`
- `abra app deploy YOURAPPNAME`
### Disable non-SSO login (Optional)
- Ensure that your SSO user has the **System Admin** role: https://YOURAPPNAME/admin_console/user_management/users
- Go to https://YOURAPPNAME/admin_console/authentication/email
- Set **Enable sign-in with email** and **Enable sign-in with username** to `false`
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik

11
compose.email.yml Normal file
View File

@ -0,0 +1,11 @@
version: "3.8"
services:
app:
secrets:
- smtp_pass
secrets:
smtp_pass:
external: true
name: ${STACK_NAME}_smtp_pass_${SECRET_SMTP_PASS_VERSION}

28
config.json.tmpl
View File

@ -256,22 +256,22 @@
}, },
"EmailSettings": { "EmailSettings": {
"EnableSignUpWithEmail": true, "EnableSignUpWithEmail": true,
"EnableSignInWithEmail": false, "EnableSignInWithEmail": true,
"EnableSignInWithUsername": false, "EnableSignInWithUsername": true,
"SendEmailNotifications": false, "SendEmailNotifications": true,
"UseChannelInEmailNotifications": false, "UseChannelInEmailNotifications": false,
"RequireEmailVerification": false, "RequireEmailVerification": false,
"FeedbackName": "", "FeedbackName": "{{ env "ORG_NAME" }}",
"FeedbackEmail": "", "FeedbackEmail": "{{ env "ORG_EMAIL_ADDRESS" }}",
"ReplyToAddress": "", "ReplyToAddress": "{{ env "ORG_EMAIL_ADDRESS" }}",
"FeedbackOrganization": "", "FeedbackOrganization": "",
"EnableSMTPAuth": false, "EnableSMTPAuth": true,
"SMTPUsername": "", "SMTPUsername": "{{ env "SMTP_USER" }}",
"SMTPPassword": "", "SMTPPassword": "{{ secret "smtp_pass" }}",
"SMTPServer": "localhost", "SMTPServer": "{{ env "SMTP_HOST" }}",
"SMTPPort": "10025", "SMTPPort": "{{ env "SMTP_PORT" }}",
"SMTPServerTimeout": 10, "SMTPServerTimeout": 10,
"ConnectionSecurity": "", "ConnectionSecurity": "{{ env "SMTP_SECURITY" }}",
"SendPushNotifications": true, "SendPushNotifications": true,
"PushNotificationServer": "https://push-test.mattermost.com", "PushNotificationServer": "https://push-test.mattermost.com",
"PushNotificationContents": "full", "PushNotificationContents": "full",
@ -279,7 +279,7 @@
"EnableEmailBatching": false, "EnableEmailBatching": false,
"EmailBatchingBufferSize": 256, "EmailBatchingBufferSize": 256,
"EmailBatchingInterval": 30, "EmailBatchingInterval": 30,
"EnablePreviewModeBanner": true, "EnablePreviewModeBanner": false,
"SkipServerCertificateVerification": false, "SkipServerCertificateVerification": false,
"EmailNotificationContentsType": "full", "EmailNotificationContentsType": "full",
"LoginButtonColor": "#0000", "LoginButtonColor": "#0000",
@ -306,7 +306,7 @@
"HelpLink": "https://mattermost.com/pl/help/", "HelpLink": "https://mattermost.com/pl/help/",
"ReportAProblemLink": "https://mattermost.com/pl/report-a-bug", "ReportAProblemLink": "https://mattermost.com/pl/report-a-bug",
"ForgotPasswordLink": "", "ForgotPasswordLink": "",
"SupportEmail": "", "SupportEmail": "{{ env "ORG_EMAIL_ADDRESS" }}",
"CustomTermsOfServiceEnabled": false, "CustomTermsOfServiceEnabled": false,
"CustomTermsOfServiceReAcceptancePeriod": 365, "CustomTermsOfServiceReAcceptancePeriod": 365,
"EnableAskCommunityLink": true "EnableAskCommunityLink": true