From 89696edbee1056726bafaf5c224d777ea1657dbc Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 22 Dec 2021 21:46:46 +0100 Subject: [PATCH] website/integrations: cleanup Signed-off-by: Jens Langhammer --- .../integrations/services/fortimanager/index.md | 6 +++--- website/integrations/services/gitea/index.md | 15 +++++---------- website/integrations/services/hedgedoc/index.md | 4 ++-- website/integrations/services/sssd/index.md | 14 +++++++------- website/integrations/services/wiki-js/index.md | 2 +- 5 files changed, 18 insertions(+), 23 deletions(-) diff --git a/website/integrations/services/fortimanager/index.md b/website/integrations/services/fortimanager/index.md index 33beaa019..07bf6dfe9 100644 --- a/website/integrations/services/fortimanager/index.md +++ b/website/integrations/services/fortimanager/index.md @@ -33,11 +33,11 @@ Application: ## FortiManager Configuration -Navigate to `https://fgm.company/p/app/#!/sys/sso_settings` and select SAML SSO settings to configure SAML. +Navigate to `https://fgm.company/p/app/#!/sys/sso_settings` and select SAML SSO settings to configure SAML. Select 'Service Provider (SP)' under Single Sign-On Mode to enable SAML authentication. -Set the Field 'SP Address' to the FortiManager FQDN 'fgm.company'. (This gives you the URLs to configure in Authentik) +Set the Field 'SP Address' to the FortiManager FQDN 'fgm.company'. (This gives you the URLs to configure in authentik) Set the Default Login Page to either 'Normal' or 'Single-Sign On'. (Normal allows both local and SAML authentication vs only SAML SSO) @@ -51,4 +51,4 @@ Set the Field `IdP Login URL` to `https://authentik.company/application/saml/fgm Set the Field `IdP Logout URL` to `https://authentik.company/` -For the Field 'IdP Certificate" Import your Authentik cert. (Self Signed or real) +For the Field 'IdP Certificate" Import your authentik cert. (Self Signed or real) 
diff --git a/website/integrations/services/gitea/index.md b/website/integrations/services/gitea/index.md index fb882aec7..34657e627 100644 --- a/website/integrations/services/gitea/index.md +++ b/website/integrations/services/gitea/index.md @@ -30,8 +30,9 @@ Only settings that have been modified from default have been listed. ::: **Protocol Settings** + - Name: Gitea -- RSA Key: authentik Self-signed certificate +- RSA Key: Select any available key :::note Take note of the `Client ID` and `Client Secret`, you'll need to give them to Gitea in _Step 3_. @@ -62,21 +63,15 @@ Change the following fields - Icon URL: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.png - OpenID Connect Auto Discovery URL: https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration - ![](./gitea1.png) -`Add Authentication Source` - -Next you should edit your Gitea's 'app.ini' to make Gitea request the proper OIDC Scope from Authentik. (It'll by default only ask for the 'openid' scope which doesn't provide us with the relevant information.) +`Add Authentication Source` +Next you should edit your Gitea's 'app.ini' to make Gitea request the proper OIDC Scope from authentik. (It'll by default only ask for the 'openid' scope which doesn't provide us with the relevant information.) In your Gitea instance, navigate to your app.ini and make the following changes - If it doesn't exist yet, create a `[oauth2_client]` section -- Set `OPENID_CONNECT_SCOPES` to `email profile` - +- Set `OPENID_CONNECT_SCOPES` to `email profile` Restart Gitea and you should be done! - - - diff --git a/website/integrations/services/hedgedoc/index.md b/website/integrations/services/hedgedoc/index.md index e586608b5..b6bcce935 100644 --- a/website/integrations/services/hedgedoc/index.md +++ b/website/integrations/services/hedgedoc/index.md 
@@ -34,7 +34,7 @@ You need to set the following `env` Variables for Docker based installations. Set the following values: ```yaml -CMD_OAUTH2_PROVIDERNAME: 'Authentik' +CMD_OAUTH2_PROVIDERNAME: 'authentik' CMD_OAUTH2_CLIENT_ID: '' CMD_OAUTH2_CLIENT_SECRET: '' CMD_OAUTH2_SCOPE: 'openid email profile' @@ -44,4 +44,4 @@ CMD_OAUTH2_AUTHORIZATION_URL: 'https://authentik.company/application/o/authorize CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: 'preferred_username' CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: 'name' CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: 'email' -``` \ No newline at end of file +``` diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md index 4fb1baa6f..e0bb57643 100644 --- a/website/integrations/services/sssd/index.md +++ b/website/integrations/services/sssd/index.md @@ -15,7 +15,7 @@ From https://sssd.io/ **SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine. ::: -Note that Authentik supports _only_ user and group objects. As +Note that authentik supports _only_ user and group objects. As a consequence, it cannot be used to provide automount or sudo configuration nor can it provide netgroups or services to `nss`. Kerberos is also not supported. 
@@ -31,15 +31,15 @@ The following placeholders will be used: `ldap.baseDN` is `dc=ldap,dc=goauthentik,dc=io` then the domain might be `ldap.goauthentik.io`. - `ldap.searchGroup` is the "Search Group" that can can see all - users and groups in Authentik. -- `sssd.serviceAccount` is a service account created in Authentik + users and groups in authentik. +- `sssd.serviceAccount` is a service account created in authentik - `sssd.serviceAccountToken` is the service account token generated - by Authentik. + by authentik. Create an LDAP Provider if you don't already have one setup. This guide assumes you will be running with TLS and that you've -correctly setup certificates both in Authentik and on the host -running sssd. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the Authentik side. +correctly setup certificates both in authentik and on the host +running sssd. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the authentik side. Remember the Base DN you have configured for the provider as you'll need it in the sssd configuration. @@ -130,7 +130,7 @@ The setup of sssd may vary based on Linux distribution and version, here are some resources that can help you get this setup: :::note -Authentik is providing a simple LDAP server, not an Active Directory +authentik is providing a simple LDAP server, not an Active Directory domain. Be sure you're looking at the correct sections in these guides. ::: diff --git a/website/integrations/services/wiki-js/index.md b/website/integrations/services/wiki-js/index.md index aed3c5916..a69e2c5f0 100644 --- a/website/integrations/services/wiki-js/index.md +++ b/website/integrations/services/wiki-js/index.md 
@@ -35,7 +35,7 @@ In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these s - JWT Algorithm: RS256 - Redirect URI: The _Callback URL / Redirect URI_ you noted from the previous step. - Scopes: Default OAUth mappings for: OpenID, email, profile. -- RSA Key: Choose a certificate. +- RSA Key: Select any available key - Sub Mode: Based on username. Note the _client ID_ and _client secret_, then save the provider. If you need to retrieve these values, you can do so by editing the provider.
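Review bot: In website/integrations/services/fortimanager/index.md (hunk at -51,4), the rewritten last line still opens the field name with a single quote and closes it with a double quote ('IdP Certificate"). Since the line is touched anyway, put the field name in backticks like the `IdP Login URL` and `IdP Logout URL` lines above it, and lowercase "Import" in the same pass.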
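Review bot: In website/integrations/services/gitea/index.md (hunk at -30,8), replacing `RSA Key: authentik Self-signed certificate` with `RSA Key: Select any available key` removes the only concrete example of a key the reader can pick. The neighbouring bullet (`Name: Gitea`) gives a value, while this one is now an instruction, so consider keeping the old value as an example, for instance "Select any available key (e.g. the authentik Self-signed certificate)".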
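Review bot: In website/integrations/services/gitea/index.md (hunk at -62,21), the re-added `Add Authentication Source` line still stands alone after the image with no verb, so it reads as a stray label rather than a step; something like "Click `Add Authentication Source`." would make it an instruction. The rewritten sentence below it also keeps 'app.ini' in single quotes while the next line writes app.ini bare and the section name uses backticks; using backticks for the file name in both places would match the rest of the hunk.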
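Review bot: In website/integrations/services/hedgedoc/index.md (hunk at -34,7), the change to `CMD_OAUTH2_PROVIDERNAME` sits inside the yaml block that readers copy, so unlike the prose renames elsewhere in this patch it changes a configured string; please confirm that is intended. While the block is open, the empty `''` values for `CMD_OAUTH2_CLIENT_ID` and `CMD_OAUTH2_CLIENT_SECRET` would be clearer with an explicit placeholder or a comment saying where the values come from.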
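Review bot: In website/integrations/services/sssd/index.md (hunk at -31,15), the context line directly above the first changed line still reads "that can can see all"; the duplicated word belongs in this cleanup. In the same hunk the touched lines keep "correctly setup certificates" (verb form is "set up") and say "running with TLS" in one sentence and "setting up SSL" in the next; pick one term. The `sssd.serviceAccount` bullet is also the only one in the list without a closing period.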
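Review bot: In website/integrations/services/wiki-js/index.md (hunk at -35,7), the new `RSA Key: Select any available key` bullet sits in a list that also sets `JWT Algorithm: RS256`, so "any available key" is broader than the field allows; "Select any available RSA key" would be accurate. The new text also drops the closing period that the removed line and the sibling bullets have, and the context line above it still carries the "OAUth" typo.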