mirror of
https://github.com/wekan/wekan.git
synced 2025-04-19 11:44:42 -04:00
Added some CAS and SAML settings. Not tested. Please test and send pull requests if it does not work.
See https://github.com/wekan/wekan/wiki/SAML and https://github.com/wekan/wekan/wiki/CAS Thanks to xet7 ! Related #3204, related #708
This commit is contained in:
Lauri Ojansivu
parent
e0192f570e
commit
214c86cc22
15 changed files with 325 additions and 7 deletions
|
|
@ -113,7 +113,22 @@ ENV \
|
|||
CORS_ALLOW_HEADERS="" \
|
||||
CORS_EXPOSE_HEADERS="" \
|
||||
DEFAULT_AUTHENTICATION_METHOD="" \
|
||||
PASSWORD_LOGIN_ENABLED=true
|
||||
PASSWORD_LOGIN_ENABLED=true \
|
||||
CAS_ENABLED=false \
|
||||
CAS_BASE_URL="" \
|
||||
CAS_LOGIN_URL="" \
|
||||
CAS_VALIDATE_URL="" \
|
||||
SAML_ENABLED=false \
|
||||
SAML_PROVIDER="" \
|
||||
SAML_ENTRYPOINT="" \
|
||||
SAML_ISSUER="" \
|
||||
SAML_CERT="" \
|
||||
SAML_IDPSLO_REDIRECTURL="" \
|
||||
SAML_PRIVATE_KEYFILE="" \
|
||||
SAML_PUBLIC_CERTFILE="" \
|
||||
SAML_IDENTIFIER_FORMAT="" \
|
||||
SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="" \
|
||||
SAML_ATTRIBUTES=""
|
||||
|
||||
# Install OS
|
||||
RUN set -o xtrace \
|
||||
|
|
|
|||
|
|
@ -97,3 +97,4 @@ easylogic:summernote
|
|||
cfs:filesystem
|
||||
ostrio:cookies
|
||||
tmeasday:check-npm-versions
|
||||
wekan-meteor-accounts-saml
|
||||
|
|
|
|||
|
|
@ -192,6 +192,7 @@ wekan-accounts-cas@0.1.0
|
|||
wekan-accounts-oidc@1.0.10
|
||||
wekan-ldap@0.0.2
|
||||
wekan-markdown@1.0.9
|
||||
wekan-meteor-accounts-saml@0.0.18
|
||||
wekan-oidc@1.0.12
|
||||
yasaricli:slugify@0.0.7
|
||||
zimme:active-route@2.3.2
|
||||
|
|
|
|||
17
Dockerfile
17
Dockerfile
|
|
@ -115,7 +115,22 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build-
|
|||
CORS_ALLOW_HEADERS="" \
|
||||
CORS_EXPOSE_HEADERS="" \
|
||||
DEFAULT_AUTHENTICATION_METHOD="" \
|
||||
PASSWORD_LOGIN_ENABLED=true
|
||||
PASSWORD_LOGIN_ENABLED=true \
|
||||
CAS_ENABLED=false \
|
||||
CAS_BASE_URL="" \
|
||||
CAS_LOGIN_URL="" \
|
||||
CAS_VALIDATE_URL="" \
|
||||
SAML_ENABLED=false \
|
||||
SAML_PROVIDER="" \
|
||||
SAML_ENTRYPOINT="" \
|
||||
SAML_ISSUER="" \
|
||||
SAML_CERT="" \
|
||||
SAML_IDPSLO_REDIRECTURL="" \
|
||||
SAML_PRIVATE_KEYFILE="" \
|
||||
SAML_PUBLIC_CERTFILE="" \
|
||||
SAML_IDENTIFIER_FORMAT="" \
|
||||
SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="" \
|
||||
SAML_ATTRIBUTES=""
|
||||
|
||||
# Copy the app to the image
|
||||
COPY ${SRC_PATH} /home/wekan/app
|
||||
|
|
|
|||
|
|
@ -169,6 +169,19 @@ async function authentication(event, templateInstance) {
|
|||
});
|
||||
});
|
||||
|
||||
case 'saml':
|
||||
return new Promise(resolve => {
|
||||
const provider = Meteor.settings.public.SAML_PROVIDER;
|
||||
Meteor.loginWithSaml(
|
||||
{
|
||||
provider,
|
||||
},
|
||||
function() {
|
||||
resolve(FlowRouter.go('/'));
|
||||
},
|
||||
);
|
||||
});
|
||||
|
||||
case 'cas':
|
||||
return new Promise(resolve => {
|
||||
Meteor.loginWithCas(match, password, function() {
|
||||
|
|
|
|||
|
|
@ -601,7 +601,24 @@ services:
|
|||
# Hide password login form
|
||||
# - PASSWORD_LOGIN_ENABLED=true
|
||||
#-------------------------------------------------------------------
|
||||
depends_on:
|
||||
#- CAS_ENABLED=true
|
||||
#- CAS_BASE_URL=https://cas.example.com/cas
|
||||
#- CAS_LOGIN_URL=https://cas.example.com/login
|
||||
#- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
|
||||
#---------------------------------------------------------------------
|
||||
#- SAML_ENABLED=true
|
||||
#- SAML_PROVIDER=
|
||||
#- SAML_ENTRYPOINT=
|
||||
#- SAML_ISSUER=
|
||||
#- SAML_CERT=
|
||||
#- SAML_IDPSLO_REDIRECTURL=
|
||||
#- SAML_PRIVATE_KEYFILE=
|
||||
#- SAML_PUBLIC_CERTFILE=
|
||||
#- SAML_IDENTIFIER_FORMAT=
|
||||
#- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
|
||||
#- SAML_ATTRIBUTES=
|
||||
#---------------------------------------------------------------------
|
||||
depends_on:
|
||||
- wekandb
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
|
|
|||
1
packages/meteor-accounts-saml
Submodule
1
packages/meteor-accounts-saml
Submodule
|
|
@ -0,0 +1 @@
|
|||
Subproject commit b91e65d728d1393ab83fe7dfdd37948b91c04161
|
||||
|
|
@ -361,6 +361,24 @@
|
|||
#---------------------------------------------------------------------
|
||||
# PASSWORD_LOGIN_ENABLED : Enable or not the password login form.
|
||||
#export PASSWORD_LOGIN_ENABLED=true
|
||||
#---------------------------------------------------------------------
|
||||
#export CAS_ENABLED=true
|
||||
#export CAS_BASE_URL=https://cas.example.com/cas
|
||||
#export CAS_LOGIN_URL=https://cas.example.com/login
|
||||
#export CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
|
||||
#---------------------------------------------------------------------
|
||||
#export SAML_ENABLED=true
|
||||
#export SAML_PROVIDER=
|
||||
#export SAML_ENTRYPOINT=
|
||||
#export SAML_ISSUER=
|
||||
#export SAML_CERT=
|
||||
#export SAML_IDPSLO_REDIRECTURL=
|
||||
#export SAML_PRIVATE_KEYFILE=
|
||||
#export SAML_PUBLIC_CERTFILE=
|
||||
#export SAML_IDENTIFIER_FORMAT=
|
||||
#export SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
|
||||
#export SAML_ATTRIBUTES=
|
||||
#---------------------------------------------------------------------
|
||||
|
||||
node main.js & >> ~/repos/wekan.log
|
||||
cd ~/repos
|
||||
|
|
|
|||
|
|
@ -63,7 +63,10 @@ Meteor.startup(() => {
|
|||
};
|
||||
|
||||
if (Meteor.isServer) {
|
||||
if (process.env.OAUTH2_CLIENT_ID !== '') {
|
||||
if (
|
||||
process.env.OAUTH2_ENABLED === 'true' ||
|
||||
process.env.OAUTH2_ENABLED === true
|
||||
) {
|
||||
ServiceConfiguration.configurations.upsert(
|
||||
// eslint-disable-line no-undef
|
||||
{ service: 'oidc' },
|
||||
|
|
@ -85,5 +88,72 @@ Meteor.startup(() => {
|
|||
},
|
||||
);
|
||||
}
|
||||
} else if (
|
||||
process.env.CAS_ENABLED === 'true' ||
|
||||
process.env.CAS_ENABLED === true
|
||||
) {
|
||||
ServiceConfiguration.configurations.upsert(
|
||||
// eslint-disable-line no-undef
|
||||
{ service: 'cas' },
|
||||
{
|
||||
$set: {
|
||||
baseUrl: process.env.CAS_BASE_URL,
|
||||
loginUrl: process.env.CAS_LOGIN_URL,
|
||||
serviceParam: 'service',
|
||||
popupWidth: 810,
|
||||
popupHeight: 610,
|
||||
popup: true,
|
||||
autoClose: true,
|
||||
validateUrl: process.env.CASE_VALIDATE_URL,
|
||||
casVersion: 3.0,
|
||||
attributes: {
|
||||
debug: process.env.DEBUG,
|
||||
},
|
||||
},
|
||||
},
|
||||
);
|
||||
} else if (
|
||||
process.env.SAML_ENABLED === 'true' ||
|
||||
process.env.SAML_ENABLED === true
|
||||
) {
|
||||
ServiceConfiguration.configurations.upsert(
|
||||
// eslint-disable-line no-undef
|
||||
{ service: 'saml' },
|
||||
{
|
||||
$set: {
|
||||
provider: process.env.SAML_PROVIDER,
|
||||
entryPoint: process.env.SAML_ENTRYPOINT,
|
||||
issuer: process.env.SAML_ISSUER,
|
||||
cert: process.env.SAML_CERT,
|
||||
idpSLORedirectURL: process.env.SAML_IDPSLO_REDIRECTURL,
|
||||
privateKeyFile: process.env.SAML_PRIVATE_KEYFILE,
|
||||
publicCertFile: process.env.SAML_PUBLIC_CERTFILE,
|
||||
identifierFormat: process.env.SAML_IDENTIFIER_FORMAT,
|
||||
localProfileMatchAttribute:
|
||||
process.env.SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE,
|
||||
attributesSAML: process.env.SAML_ATTRIBUTES || [
|
||||
'sn',
|
||||
'givenName',
|
||||
'mail',
|
||||
],
|
||||
|
||||
/*
|
||||
settings = {"saml":[{
|
||||
"provider":"openam",
|
||||
"entryPoint":"https://openam.idp.io/openam/SSORedirect/metaAlias/zimt/idp",
|
||||
"issuer": "https://sp.zimt.io/", //replace with url of your app
|
||||
"cert":"MIICizCCAfQCCQCY8tKaMc0 LOTS OF FUNNY CHARS ==",
|
||||
"idpSLORedirectURL": "http://openam.idp.io/openam/IDPSloRedirect/metaAlias/zimt/idp",
|
||||
"privateKeyFile": "certs/mykey.pem", // path is relative to $METEOR-PROJECT/private
|
||||
"publicCertFile": "certs/mycert.pem", // eg $METEOR-PROJECT/private/certs/mycert.pem
|
||||
"dynamicProfile": true // set to true if we want to create a user in Meteor.users dynamically if SAML assertion is valid
|
||||
"identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", // Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
||||
"localProfileMatchAttribute": "telephoneNumber" // CAUTION: this will be mapped to profile.<localProfileMatchAttribute> attribute in Mongo if identifierFormat (see above) differs from urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,
|
||||
"attributesSAML": [telephoneNumber, sn, givenName, mail], // attrs from SAML attr statement, which will be used for local Meteor profile creation. Currently no real attribute mapping. If required use mapping on IdP side.
|
||||
}]}
|
||||
*/
|
||||
},
|
||||
},
|
||||
);
|
||||
}
|
||||
});
|
||||
|
|
|
|||
5
server/saml.js
Normal file
5
server/saml.js
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
Meteor.startup(() => {
|
||||
if (process.env.SAML_PROVIDER !== '') {
|
||||
Meteor.settings.public.SAML_PROVIDER = process.env.SAML_PROVIDER;
|
||||
}
|
||||
});
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
# All supported keys are defined here together with descriptions and default values
|
||||
|
||||
# list of supported keys
|
||||
keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED"
|
||||
keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES"
|
||||
|
||||
# default values
|
||||
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
|
||||
|
|
@ -464,3 +464,70 @@ DESCRIPTION_PASSWORD_LOGIN_ENABLED="To hide the password login form"
|
|||
DEFAULT_PASSWORD_LOGIN_ENABLED="true"
|
||||
KEY_PASSWORD_LOGIN_ENABLED="password-login-enabled"
|
||||
|
||||
DESCRIPTION_CAS_ENABLED="CAS Enabled"
|
||||
DEFAULT_CAS_ENABLED="false"
|
||||
KEY_CAS_ENABLED="cas-enabled"
|
||||
|
||||
DESCRIPTION_CAS_BASE_URL="CAS Base URL"
|
||||
DEFAULT_CAS_BASE_URL=""
|
||||
KEY_CAS_BASE_URL="cas-base-url"
|
||||
|
||||
DESCRIPTION_CAS_LOGIN_URL="CAS Login URL"
|
||||
DEFAULT_CAS_LOGIN_URL=""
|
||||
KEY_CAS_LOGIN_URL="cas-login-url"
|
||||
|
||||
DESCRIPTION_CAS_VALIDATE_URL="CAS Validate URL"
|
||||
DEFAULT_CAS_VALIDATE_URL=""
|
||||
KEY_CAS_VALIDATE_URL="cas-validate-url"
|
||||
|
||||
DESCRIPTION_SAML_ENABLED="SAML Enabled. Default: false"
|
||||
DEFAULT_SAML_ENABLED="false"
|
||||
KEY_SAML_ENABLED="saml-enabled"
|
||||
|
||||
DESCRIPTION_SAML_PROVIDER="SAML Provider"
|
||||
DEFAULT_SAML_PROVIDER=""
|
||||
KEY_SAML_PROVIDER="saml-provider"
|
||||
|
||||
DESCRIPTION_SAML_ENTRYPOINT="SAML Entrypoint"
|
||||
DEFAULT_SAML_ENTRYPOINT=""
|
||||
KEY_SAML_ENTRYPOINT="saml-entrypoint"
|
||||
|
||||
DESCRIPTION_SAML_ISSUER="SAML Issuer"
|
||||
DEFAULT_SAML_ISSUER=""
|
||||
KEY_SAML_ISSUER="saml-issuer"
|
||||
|
||||
DESCRIPTION_SAML_CERT="SAML Cert"
|
||||
DEFAULT_SAML_CERT=""
|
||||
KEY_SAML_CERT="saml-cert"
|
||||
|
||||
DESCRIPTION_SAML_IDPSLO_REDIRECTURL="SAML IDPSLO Redirect URL"
|
||||
DEFAULT_SAML_IDPSLO_REDIRECTURL=""
|
||||
KEY_SAML_IDPSLO_REDIRECTURL="saml-idpslo-redirecturl"
|
||||
|
||||
DESCRIPTION_SAML_PRIVATE_KEYFILE="SAML Private Keyfile"
|
||||
DEFAULT_SAML_PRIVATE_KEYFILE=""
|
||||
KEY_SAML_PRIVATE_KEYFILE="saml-private-keyfile"
|
||||
|
||||
DESCRIPTION_SAML_PUBLIC_CERTFILE="SAML Public Certfile"
|
||||
DEFAULT_SAML_PUBLIC_CERTFILE=""
|
||||
KEY_SAML_PUBLIC_CERTFILE="saml-public-certfile"
|
||||
|
||||
DESCRIPTION_SAML_PUBLIC_CERTFILE="SAML Public Certfile"
|
||||
DEFAULT_SAML_PUBLIC_CERTFILE=""
|
||||
KEY_SAML_PUBLIC_CERTFILE="saml-public-certfile"
|
||||
|
||||
DESCRIPTION_SAML_IDENTIFIER_FORMAT="SAML Identifier Format"
|
||||
DEFAULT_SAML_IDENTIFIER_FORMAT=""
|
||||
KEY_SAML_IDENTIFIER_FORMAT="saml-identifier-format"
|
||||
|
||||
DESCRIPTION_SAML_IDENTIFIER_FORMAT="SAML Identifier Format"
|
||||
DEFAULT_SAML_IDENTIFIER_FORMAT=""
|
||||
KEY_SAML_IDENTIFIER_FORMAT="saml-identifier-format"
|
||||
|
||||
DESCRIPTION_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="SAML Local Profile Match Attribute"
|
||||
DEFAULT_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=""
|
||||
KEY_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="saml-local-profile-match-attribute"
|
||||
|
||||
DESCRIPTION_SAML_ATTRIBUTES="SAML Attributes"
|
||||
DEFAULT_SAML_ATTRIBUTES=""
|
||||
KEY_SAML_ATTRIBUTES="saml-attributes"
|
||||
|
|
|
|||
|
|
@ -478,6 +478,51 @@ echo -e "\n"
|
|||
echo -e "Enable or not password login Form"
|
||||
echo -e "\t$ snap set $SNAP_NAME password-login-enabled='false'"
|
||||
echo -e "\n"
|
||||
echo -e "CAS Enabled. Default: false"
|
||||
echo -e "\t$ snap set $SNAP_NAME cas-enabled='true'"
|
||||
echo -e "\n"
|
||||
echo -e "CAS Base URL."
|
||||
echo -e "\t$ snap set $SNAP_NAME cas-base-url='https://cas.example.com/cas'"
|
||||
echo -e "\n"
|
||||
echo -e "CAS Login URL."
|
||||
echo -e "\t$ snap set $SNAP_NAME cas-login-url='https://cas.example.com/login'"
|
||||
echo -e "\n"
|
||||
echo -e "CAS Validate URL."
|
||||
echo -e "\t$ snap set $SNAP_NAME cas-validate-url='https://cas.example.com/cas/p3/serviceValidate'"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Enabled. Default: false"
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-enabled='true'"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Provider. openam or openidp."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-provider='openam'"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Entrypoint."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-entrypoint=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Issuer."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-issuer=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Cert."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-cert=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML IDPS LO Redirect URL."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-ispslo-redirecturl=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Private Keyfile."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-private-keyfile=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Public Certfile."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-public-certfile=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Identifier Format."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-identifier-format=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Local Profile Match Attribute."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-local-profile-match-attribute=''"
|
||||
echo -e "\n"
|
||||
echo -e "SAML Attributes."
|
||||
echo -e "\t$ snap set $SNAP_NAME saml-attributes=''"
|
||||
echo -e "\n"
|
||||
# parse config file for supported settings keys
|
||||
echo -e "wekan supports settings keys"
|
||||
echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"
|
||||
|
|
|
|||
|
|
@ -390,4 +390,21 @@ REM # LOGOUT_ON_MINUTES : The number of minutes
|
|||
REM # example : LOGOUT_ON_MINUTES=55
|
||||
REM SET LOGOUT_ON_MINUTES=
|
||||
|
||||
REM SET CAS_ENABLED=true
|
||||
REM SET CAS_BASE_URL=https://cas.example.com/cas
|
||||
REM SET CAS_LOGIN_URL=https://cas.example.com/login
|
||||
REM SET CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
|
||||
|
||||
REM SET SAML_ENABLED=true
|
||||
REM SET SAML_PROVIDER=
|
||||
REM SET SAML_ENTRYPOINT=
|
||||
REM SET SAML_ISSUER=
|
||||
REM SET SAML_CERT=
|
||||
REM SET SAML_IDPSLO_REDIRECTURL=
|
||||
REM SET SAML_PRIVATE_KEYFILE=
|
||||
REM SET SAML_PUBLIC_CERTFILE=
|
||||
REM SET SAML_IDENTIFIER_FORMAT=
|
||||
REM SET SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
|
||||
REM SET SAML_ATTRIBUTES=
|
||||
|
||||
node main.js
|
||||
|
|
|
|||
|
|
@ -362,7 +362,24 @@
|
|||
#---------------------------------------------------------------------
|
||||
# PASSWORD_LOGIN_ENABLED : Enable or not the password login form.
|
||||
#export PASSWORD_LOGIN_ENABLED=true
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
#export CAS_ENABLED=true
|
||||
#export CAS_BASE_URL=https://cas.example.com/cas
|
||||
#export CAS_LOGIN_URL=https://cas.example.com/login
|
||||
#export CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
|
||||
#---------------------------------------------------------------------
|
||||
#export SAML_ENABLED=true
|
||||
#export SAML_PROVIDER=
|
||||
#export SAML_ENTRYPOINT=
|
||||
#export SAML_ISSUER=
|
||||
#export SAML_CERT=
|
||||
#export SAML_IDPSLO_REDIRECTURL=
|
||||
#export SAML_PRIVATE_KEYFILE=
|
||||
#export SAML_PUBLIC_CERTFILE=
|
||||
#export SAML_IDENTIFIER_FORMAT=
|
||||
#export SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
|
||||
#export SAML_ATTRIBUTES=
|
||||
#---------------------------------------------------------------------
|
||||
node main.js
|
||||
# & >> ../../wekan.log
|
||||
cd ../..
|
||||
|
|
|
|||
|
|
@ -529,7 +529,23 @@ services:
|
|||
# example: PASSWORD_LOGIN_ENABLED=false
|
||||
# - PASSWORD_LOGIN_ENABLED
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
#- CAS_ENABLED=true
|
||||
#- CAS_BASE_URL=https://cas.example.com/cas
|
||||
#- CAS_LOGIN_URL=https://cas.example.com/login
|
||||
#- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
|
||||
#---------------------------------------------------------------------
|
||||
#- SAML_ENABLED=true
|
||||
#- SAML_PROVIDER=
|
||||
#- SAML_ENTRYPOINT=
|
||||
#- SAML_ISSUER=
|
||||
#- SAML_CERT=
|
||||
#- SAML_IDPSLO_REDIRECTURL=
|
||||
#- SAML_PRIVATE_KEYFILE=
|
||||
#- SAML_PUBLIC_CERTFILE=
|
||||
#- SAML_IDENTIFIER_FORMAT=
|
||||
#- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
|
||||
#- SAML_ATTRIBUTES=
|
||||
#---------------------------------------------------------------------
|
||||
|
||||
depends_on:
|
||||
- mongodb
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue