website/integrations: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent c1f0833c09
commit 89696edbee
|
@ -37,7 +37,7 @@ Navigate to `https://fgm.company/p/app/#!/sys/sso_settings` and select SAML SSO
|
|||
|
||||
Select 'Service Provider (SP)' under Single Sign-On Mode to enable SAML authentication.
|
||||
|
||||
Set the Field 'SP Address' to the FortiManager FQDN 'fgm.company'. (This gives you the URLs to configure in Authentik)
|
||||
Set the Field 'SP Address' to the FortiManager FQDN 'fgm.company'. (This gives you the URLs to configure in authentik)
|
||||
|
||||
Set the Default Login Page to either 'Normal' or 'Single-Sign On'. (Normal allows both local and SAML authentication vs only SAML SSO)
|
||||
|
||||
|
@ -51,4 +51,4 @@ Set the Field `IdP Login URL` to `https://authentik.company/application/saml/fgm
|
|||
|
||||
Set the Field `IdP Logout URL` to `https://authentik.company/`
|
||||
|
||||
For the Field 'IdP Certificate" Import your Authentik cert. (Self Signed or real)
|
||||
For the Field 'IdP Certificate" Import your authentik cert. (Self Signed or real)
|
||||
|
|
|
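Review bot: the changed line `For the Field 'IdP Certificate" Import your authentik cert.` still opens the field name with a single quote and closes it with a double quote, while the neighbouring lines in this hunk write field names in backticks (`IdP Login URL`, `IdP Logout URL`). Since the line is being touched anyway, suggest writing the field name as `IdP Certificate` in backticks and lowercasing "Import".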
@ -30,8 +30,9 @@ Only settings that have been modified from default have been listed.
|
|||
:::
|
||||
|
||||
**Protocol Settings**
|
||||
|
||||
- Name: Gitea
|
||||
- RSA Key: authentik Self-signed certificate
|
||||
- RSA Key: Select any available key
|
||||
|
||||
:::note
|
||||
Take note of the `Client ID` and `Client Secret`, you'll need to give them to Gitea in _Step 3_.
|
||||
|
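Review bot: on the `RSA Key` line, "Select any available key" replaces a concrete value ("authentik Self-signed certificate") with wording that gives the reader no criterion for choosing. Suggest keeping the previous value as an example, such as "Select any available key (for example the authentik Self-signed certificate)", or adding a clause on what the key is used for.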
@ -62,21 +63,15 @@ Change the following fields
|
|||
- Icon URL: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.png
|
||||
- OpenID Connect Auto Discovery URL: https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration
|
||||
|
||||
|
||||
![](./gitea1.png)
|
||||
|
||||
`Add Authentication Source`
|
||||
|
||||
Next you should edit your Gitea's 'app.ini' to make Gitea request the proper OIDC Scope from Authentik. (It'll by default only ask for the 'openid' scope which doesn't provide us with the relevant information.)
|
||||
|
||||
Next you should edit your Gitea's 'app.ini' to make Gitea request the proper OIDC Scope from authentik. (It'll by default only ask for the 'openid' scope which doesn't provide us with the relevant information.)
|
||||
|
||||
In your Gitea instance, navigate to your app.ini and make the following changes
|
||||
|
||||
- If it doesn't exist yet, create a `[oauth2_client]` section
|
||||
- Set `OPENID_CONNECT_SCOPES` to `email profile`
|
||||
|
||||
|
||||
Restart Gitea and you should be done!
|
||||
|
||||
|
||||
|
||||
|
|
|
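Review bot: the rewritten sentence says Gitea by default only asks for the 'openid' scope, and the list below then sets `OPENID_CONNECT_SCOPES` to `email profile` without `openid`, so the text leaves open whether `openid` is still requested. Suggest stating that explicitly next to the setting. The same sentence also writes 'app.ini' in single quotes while the following lines write it bare and use backticks for `[oauth2_client]`; pick one form.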
@ -34,7 +34,7 @@ You need to set the following `env` Variables for Docker based installations.
|
|||
Set the following values:
|
||||
|
||||
```yaml
|
||||
CMD_OAUTH2_PROVIDERNAME: 'Authentik'
|
||||
CMD_OAUTH2_PROVIDERNAME: 'authentik'
|
||||
CMD_OAUTH2_CLIENT_ID: '<Client ID from above>'
|
||||
CMD_OAUTH2_CLIENT_SECRET: '<Client Secret from above>'
|
||||
CMD_OAUTH2_SCOPE: 'openid email profile'
|
||||
|
|
|
@ -15,7 +15,7 @@ From https://sssd.io/
|
|||
**SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine.
|
||||
:::
|
||||
|
||||
Note that Authentik supports _only_ user and group objects. As
|
||||
Note that authentik supports _only_ user and group objects. As
|
||||
a consequence, it cannot be used to provide automount or sudo
|
||||
configuration nor can it provide netgroups or services to `nss`.
|
||||
Kerberos is also not supported.
|
||||
|
@ -31,15 +31,15 @@ The following placeholders will be used:
|
|||
`ldap.baseDN` is `dc=ldap,dc=goauthentik,dc=io` then the domain
|
||||
might be `ldap.goauthentik.io`.
|
||||
- `ldap.searchGroup` is the "Search Group" that can can see all
|
||||
users and groups in Authentik.
|
||||
- `sssd.serviceAccount` is a service account created in Authentik
|
||||
users and groups in authentik.
|
||||
- `sssd.serviceAccount` is a service account created in authentik
|
||||
- `sssd.serviceAccountToken` is the service account token generated
|
||||
by Authentik.
|
||||
by authentik.
|
||||
|
||||
Create an LDAP Provider if you don't already have one setup.
|
||||
This guide assumes you will be running with TLS and that you've
|
||||
correctly setup certificates both in Authentik and on the host
|
||||
running sssd. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the Authentik side.
|
||||
correctly setup certificates both in authentik and on the host
|
||||
running sssd. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the authentik side.
|
||||
|
||||
Remember the Base DN you have configured for the provider as you'll
|
||||
need it in the sssd configuration.
|
||||
|
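Review bot: in the LDAP provider paragraph the changed lines say the guide assumes "TLS" and then link to the provider docs for "setting up SSL", two names for the same requirement within two sentences; suggest using TLS in both places. While here, the context line for `ldap.searchGroup` reads "can can see", and "correctly setup certificates" should be "set up".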
@ -130,7 +130,7 @@ The setup of sssd may vary based on Linux distribution and version,
|
|||
here are some resources that can help you get this setup:
|
||||
|
||||
:::note
|
||||
Authentik is providing a simple LDAP server, not an Active Directory
|
||||
authentik is providing a simple LDAP server, not an Active Directory
|
||||
domain. Be sure you're looking at the correct sections in these guides.
|
||||
:::
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these s
|
|||
- JWT Algorithm: RS256
|
||||
- Redirect URI: The _Callback URL / Redirect URI_ you noted from the previous step.
|
||||
- Scopes: Default OAUth mappings for: OpenID, email, profile.
|
||||
- RSA Key: Choose a certificate.
|
||||
- RSA Key: Select any available key
|
||||
- Sub Mode: Based on username.
|
||||
|
||||
Note the _client ID_ and _client secret_, then save the provider. If you need to retrieve these values, you can do so by editing the provider.
|
||||
|
|
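Review bot: the new `RSA Key: Select any available key` line drops the trailing period that the other items in this list carry (`Sub Mode: Based on username.`), and the context line above it still reads "OAUth". Suggest `- RSA Key: Select any available key.` and correcting the capitalisation to "OAuth" in the same cleanup.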