From 59314ab17d65e9579d2f29b32685b7777f2a06a1 Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu
Date: Tue, 12 Feb 2019 03:09:30 +0200
Subject: - Add OIDC claim mapping parameters to docker-compose.yml/Snap/Source. Thanks to xet7 !
---
 start-wekan.sh | 94 ++++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 68 insertions(+), 26 deletions(-)
(limited to 'start-wekan.sh')
diff --git a/start-wekan.sh b/start-wekan.sh
index bd052588..dd639aae 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -20,6 +20,10 @@ function wekan_repo_check(){
 #while true; do
 wekan_repo_check
 cd .build/bundle
+ #---------------------------------------------
+ # Debug OIDC OAuth2 etc.
+ #export DEBUG=true
+ #---------------------------------------------
 export MONGO_URL='mongodb://127.0.0.1:27019/wekan'
 #---------------------------------------------
 # Production: https://example.com/wekan
@@ -41,7 +45,7 @@ function wekan_repo_check(){
 export WITH_API='true'
 #---------------------------------------------
 # CORS: Set Access-Control-Allow-Origin header. Example: *
- #- CORS=*
+ #export CORS=*
 #---------------------------------------------
 ## Optional: Integration with Matomo https://matomo.org that is installed to your server
 ## The address of the server where Matomo is hosted:
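Review bot: The corrected example `#export CORS=*` in the second hunk leaves the asterisk unquoted while the neighbouring assignment is quoted (`export WITH_API='true'`), so once uncommented it depends on the shell not glob-expanding the value; `#export CORS='*'` matches the file's style and is safe under any shell. The wildcard is also the only example given, although the REST API is enabled two lines above it. Assuming the value is passed straight into the header as the comment says, I would add `# Prefer the single origin that needs API access, e.g. https://example.com, over '*'` next to it. The export block this line belongs to starts and ends outside the hunk.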
@@ -68,28 +72,66 @@ function wekan_repo_check(){
 # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
 export WEBHOOKS_ATTRIBUTES=''
 #---------------------------------------------
+ # ==== OAUTH2 AZURE ====
+ # https://github.com/wekan/wekan/wiki/Azure
+ # 1) Register the application with Azure. Make sure you capture
+ # the application ID as well as generate a secret key.
+ # 2) Configure the environment variables. This differs slightly
+ # by installation type, but make sure you have the following:
+ #export OAUTH2_ENABLED=true
+ # Application GUID captured during app registration:
+ #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+ # Secret key generated during app registration:
+ #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+ #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+ #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+ #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+ # The claim name you want to map to the unique ID field:
+ #export OAUTH2_ID_MAP=email
+ # The claim name you want to map to the username field:
+ #export OAUTH2_USERNAME_MAP=email
+ # The claim name you want to map to the full name field:
+ #export OAUTH2_FULLNAME_MAP=name
+ # Tthe claim name you want to map to the email field:
+ #export OAUTH2_EMAIL_MAP=email
+ #-----------------------------------------------------------------
+ # ==== OAUTH2 KEYCLOAK ====
+ # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
+ #export OAUTH2_ENABLED=true
+ #export OAUTH2_CLIENT_ID=
+ #export OAUTH2_SERVER_URL=/auth
+ #export OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth
+ #export OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo
+ #export OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token
+ #export OAUTH2_SECRET=
+ #-----------------------------------------------------------------
+ # ====
OAUTH2 DOORKEEPER ====
+ # https://github.com/wekan/wekan/issues/1874
+ # https://github.com/wekan/wekan/wiki/OAuth2
+ # Enable the OAuth2 connection
+ #export OAUTH2_ENABLED=true
 # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
- # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
- # example: export OAUTH2_CLIENT_ID=abcde12345
- #export OAUTH2_CLIENT_ID=''
- # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
- # example: export OAUTH2_SECRET=54321abcde
- #export OAUTH2_SECRET=''
- # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
- # example: export OAUTH2_SERVER_URL=https://chat.example.com
- #export OAUTH2_SERVER_URL=''
- # OAuth2 Authorization Endpoint. Example: /oauth/authorize
- # example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
- #export OAUTH2_AUTH_ENDPOINT=''
- # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
- # example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
- #export OAUTH2_USERINFO_ENDPOINT=''
- # OAuth2 Token Endpoint. Example: /oauth/token
- # example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token
- #export OAUTH2_TOKEN_ENDPOINT=''
- #---------------------------------------------
- # Debug OIDC OAuth2 etc.
- #export DEBUG=true
+ # OAuth2 Client ID.
+ #export OAUTH2_CLIENT_ID=abcde12345
+ # OAuth2 Secret.
+ #export OAUTH2_SECRET=54321abcde
+ # OAuth2 Server URL.
+ #export OAUTH2_SERVER_URL=https://chat.example.com
+ # OAuth2 Authorization Endpoint.
+ #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+ # OAuth2 Userinfo Endpoint.
+ #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+ # OAuth2 Token Endpoint.
+ #export OAUTH2_TOKEN_ENDPOINT=/oauth/token
+ # OAuth2 ID Mapping
+ #export OAUTH2_ID_MAP=
+ # OAuth2 Username Mapping
+ #export OAUTH2_USERNAME_MAP=
+ # OAuth2 Fullname Mapping
+ #export OAUTH2_FULLNAME_MAP=
+ # OAuth2 Email Mapping
+ #export OAUTH2_EMAIL_MAP=
 #---------------------------------------------
 # LDAP_ENABLE : Enable or not the connection by the LDAP
 # example : export LDAP_ENABLE=true
@@ -213,14 +255,14 @@ function wekan_repo_check(){
 #export LDAP_DEFAULT_DOMAIN=
 # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
 # example : LOGOUT_WITH_TIMER=true
- #- LOGOUT_WITH_TIMER=
+ #export LOGOUT_WITH_TIMER=
 # LOGOUT_IN : The number of days
 # example : LOGOUT_IN=1
- #- LOGOUT_IN=
- #- LOGOUT_ON_HOURS=
+ #export LOGOUT_IN=
+ #export LOGOUT_ON_HOURS=
 # LOGOUT_ON_MINUTES : The number of minutes
 # example : LOGOUT_ON_MINUTES=55
- #- LOGOUT_ON_MINUTES=
+ #export LOGOUT_ON_MINUTES=
 node main.js # & >> ../../wekan.log
-- cgit v1.2.3-1-g7c22
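Review bot: In the Azure block, `#export OAUTH2_ID_MAP=email` uses the email claim as the unique ID, and an email address is neither guaranteed stable nor guaranteed unique per account at the identity provider, so a changed or reassigned address could attach a login to another user's Wekan account. I would map the ID to an immutable subject identifier instead, e.g. `#export OAUTH2_ID_MAP=sub` (confirm the userinfo endpoint returns it), and keep `email` only for `OAUTH2_EMAIL_MAP`. The same block has a typo, `# Tthe claim name` should read `# The claim name`, and the Doorkeeper block leaves the four `*_MAP` variables empty without saying what applies when they are unset. Since `OAUTH2_SECRET` is meant to be filled in here and the diff header shows the file as mode 100755, a comment such as `# Keep this file readable only by the service user once a real secret is set` would help. The surrounding export block continues outside the hunk.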
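Review bot: `LOGOUT_ON_HOURS` is the only one of the four logout settings in the last hunk without a description or example line, so a reader cannot tell its unit or how it combines with `LOGOUT_ON_MINUTES`; a line like `# LOGOUT_ON_HOURS : The number of hours` (wording to be confirmed against the server code) would close the gap. The `# example :` lines still show bare assignments such as `LOGOUT_IN=1` while the settings now use `export`, so `# example : export LOGOUT_IN=1` would be consistent with the LDAP example (`# example : export LDAP_ENABLE=true`) earlier in the file.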