website/integrations: add documentation for roundcube webmail client (#2104)
* Add documentation for roundcube webmail client Includes required dovecot configuration snippet. * added roundcube to sidebar links * fixed typo * clean up formatting Tighten up extra info and match format to other integration documents * fix roundcube wiki url display
This commit is contained in:
parent
6ba150f737
commit
cb1e70be7f
86
website/integrations/services/roundcube/index.md
Normal file
86
website/integrations/services/roundcube/index.md
Normal file
|
@ -0,0 +1,86 @@
|
|||
---
|
||||
title: Roundcube
|
||||
---
|
||||
|
||||
## What is Roundcube
|
||||
|
||||
From https://roundcube.net
|
||||
|
||||
:::note
|
||||
**Roundcube** is a browser-based multilingual IMAP client with an application-like user interface.
|
||||
It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
|
||||
:::
|
||||
|
||||
This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account.
|
||||
The mail server must support XOAUTH2 for both SMTPD and IMAP/POP. Postfix SMTP server can also use Dovecot for authentication which provides Postfix with xoauth2 capability without configuring it separately.
|
||||
|
||||
## Preperation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `authentik.company` is the FQDN of the authentik install.
|
||||
|
||||
Create a new oauth2 Scope Mapping which does not return the 'group' values and associate this mapping
|
||||
in the provider settings instead of the default oauth mapping.
|
||||
|
||||
Under _Property Mappings_, create a _Scope Mapping_. Give it a name like "oauth2-Scope-dovecot". Set the scope name to `dovecotprofile` and the expression to the following
|
||||
|
||||
```
|
||||
return {
|
||||
"name": request.user.name,
|
||||
"given_name": request.user.name,
|
||||
"family_name": "",
|
||||
"preferred_username": request.user.username,
|
||||
"nickname": request.user.username,
|
||||
#DO NOT INCLUDE groups
|
||||
}
|
||||
```
|
||||
|
||||
Create an application in authentik. Create an _OAuth2/OpenID Provider_ with the following parameters:
|
||||
|
||||
- Client Type: `Confidential`
|
||||
- Scopes: OpenID, Email, and the scope you created above
|
||||
- Signing Key: Select any available key
|
||||
|
||||
## Roundcube Configuration
|
||||
|
||||
```
|
||||
$config['oauth_provider'] = 'generic';
|
||||
$config['oauth_provider_name'] = 'authentik';
|
||||
$config['oauth_client_id'] = '<Client ID>';
|
||||
$config['oauth_client_secret'] = '<Client Secret>';
|
||||
$config['oauth_auth_uri'] = 'https://authentik.company/application/o/authorize/';
|
||||
$config['oauth_token_uri'] = 'https://authentik.company/application/o/token/';
|
||||
$config['oauth_identity_uri'] = 'https://authentik.company/application/o/userinfo/';
|
||||
$config['oauth_scope'] = "email openid dovecotprofile";
|
||||
$config['oauth_auth_parameters'] = [];
|
||||
$config['oauth_identity_fields'] = ['email'];
|
||||
```
|
||||
## Dovecot Configuration
|
||||
|
||||
Add xoauth2 as an authentication mechanism and configure the following parameters in your Dovecot configuration.
|
||||
|
||||
```
|
||||
tokeninfo_url = https://authentik.company/application/o/userinfo/?access_token=
|
||||
introspection_url = https://<Client ID>:<Client Secret>@authentik.company/application/o/introspect/
|
||||
introspection_mode = post
|
||||
force_introspection = yes
|
||||
active_attribute = active
|
||||
active_value = true
|
||||
username_attribute = email
|
||||
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
|
||||
```
|
||||
|
||||
:::note
|
||||
With this setup Dovecot can also be used with other email clients that support XOAUTH2 authentication, however
|
||||
most available software (including Fair Email for Android and Thunderbird) only come with support for Gmail,
|
||||
Outlook etc with no way to configure custom email servers.
|
||||
:::
|
||||
|
||||
## Additional Resources
|
||||
|
||||
Please refer to the following for further configuration information:
|
||||
|
||||
- https://roundcube.net
|
||||
- https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2
|
||||
- https://doc.dovecot.org/configuration_manual/authentication/oauth2/
|
|
@ -29,6 +29,7 @@ module.exports = {
|
|||
"services/powerdns-admin/index",
|
||||
"services/proxmox-ve/index",
|
||||
"services/rancher/index",
|
||||
"services/roundcube/index",
|
||||
"services/sentry/index",
|
||||
"services/sssd/index",
|
||||
"services/sonarr/index",
|
||||
|
|
Reference in a new issue