website/integrations: Add service documentation for "Kimai" timetracker (#2548)
* Add documentation for Kimai * website: fix kimai application slug * Add kimai sidebar integration Co-authored-by: hexx.one <dominics.pc@gmail.com>
This commit is contained in:
parent
d2fc1226f8
commit
467ad29656
117
website/integrations/services/kimai/index.md
Normal file
117
website/integrations/services/kimai/index.md
Normal file
|
@ -0,0 +1,117 @@
|
|||
---
|
||||
title: Kimai
|
||||
---
|
||||
|
||||
## What is Kimai
|
||||
|
||||
From https://www.kimai.org/about/
|
||||
|
||||
:::note
|
||||
Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `kimai.company` is the FQDN of the Kimai Install
|
||||
- `authentik.company` is the FQDN of the authentik Install
|
||||
- `admin.group` is the authentik group to be made Admin in Kimai
|
||||
|
||||
Create an application in authentik and use the slug for later as `<application-slug>`.
|
||||
|
||||
Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://kimai.company/auth/saml/acs`
|
||||
- Audience: `https://kimai.company/auth/saml`
|
||||
- Issuer: `https://authentik.company`
|
||||
- Binding: `Post`
|
||||
|
||||
Under *Advanced protocol settings*, set a certificate for *Signing Certificate*.
|
||||
|
||||
## Kimai Configuration
|
||||
|
||||
Paste the following block in your `local.yaml` file, after replacing the placeholder values from above. The file is usually located in `/opt/kimai/config/packages/local.yaml`.
|
||||
|
||||
To get the value for `x509cert`, go to *System* > *Certificates*, and download the public Signing Certificate. To avoid further problems, concat it into "string format" using e.g.: https://www.samltool.com/format_x509cert.php
|
||||
|
||||
```yaml
|
||||
# Optionally add this for docker debug-logging
|
||||
# monolog:
|
||||
# handlers:
|
||||
# main:
|
||||
# path: php://stderr
|
||||
|
||||
kimai:
|
||||
saml:
|
||||
activate: true
|
||||
title: Login with SAML
|
||||
mapping:
|
||||
- {
|
||||
saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,
|
||||
kimai: email,
|
||||
}
|
||||
- {
|
||||
saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name,
|
||||
kimai: alias,
|
||||
}
|
||||
roles:
|
||||
attribute: Roles
|
||||
mapping:
|
||||
# Insert your roles here (ROLE_USER is added automatically)
|
||||
- { saml: admin.group, kimai: ROLE_ADMIN }
|
||||
connection:
|
||||
# You SAML provider
|
||||
# Your Authentik instance, replace https://authentik.company with your authentik URL
|
||||
idp:
|
||||
entityId: "https://authentik.company/"
|
||||
singleSignOnService:
|
||||
url: "https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/"
|
||||
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
# the "single logout" feature was not yet tested, if you want to help, please let me know!
|
||||
singleLogoutService:
|
||||
url: "https://authentik.company/if/session-end/<application-slug>/"
|
||||
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
# Signing certificate from *Advanced protocol settings*
|
||||
x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
|
||||
# Service Provider Data that we are deploying.
|
||||
# Your Kimai instance, replace https://kimai.company with your Kimai URL
|
||||
sp:
|
||||
entityId: "https://kimai.company/"
|
||||
assertionConsumerService:
|
||||
url: "https://kimai.company/auth/saml/acs"
|
||||
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
singleLogoutService:
|
||||
url: "https://kimai.company/auth/saml/logout"
|
||||
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
#privateKey: ''
|
||||
# only set baseurl, if auto-detection doesn't work
|
||||
baseurl: "https://kimai.company/auth/saml/"
|
||||
strict: false
|
||||
debug: true
|
||||
security:
|
||||
nameIdEncrypted: false
|
||||
authnRequestsSigned: false
|
||||
logoutRequestSigned: false
|
||||
logoutResponseSigned: false
|
||||
wantMessagesSigned: false
|
||||
wantAssertionsSigned: false
|
||||
wantNameIdEncrypted: false
|
||||
requestedAuthnContext: true
|
||||
signMetadata: false
|
||||
wantXMLValidation: true
|
||||
signatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
|
||||
digestAlgorithm: "http://www.w3.org/2001/04/xmlenc#sha256"
|
||||
contactPerson:
|
||||
technical:
|
||||
givenName: "Kimai Admin"
|
||||
emailAddress: "admin@example.com"
|
||||
organization:
|
||||
en:
|
||||
name: "Kimai"
|
||||
displayname: "Kimai"
|
||||
url: "https://kimai.company"
|
||||
|
||||
```
|
||||
|
||||
Afterwards, either [rebuild the cache](https://www.kimai.org/documentation/cache.html) or restart the docker container.
|
|
@ -21,6 +21,7 @@ module.exports = {
|
|||
"services/hashicorp-vault/index",
|
||||
"services/hedgedoc/index",
|
||||
"services/home-assistant/index",
|
||||
"services/kimai/index",
|
||||
"services/matrix-synapse/index",
|
||||
"services/minio/index",
|
||||
"services/nextcloud/index",
|
||||
|
|
Reference in a new issue