4.4 KiB
| title |
|---|
| OpenProject |
Support level: Community
What is OpenProject
OpenProject is a open source project management software.
Preparation
The following placeholders will be used:
openproject.companyis the FQDN of the Service install. (Remove this for SaaS)authentik.companyis the FQDN of the authentik install.
authentik Configuration
Create a OAuth2/OpenID provider with the following parameters:
- Client Type:
Confidential - Scopes:
openid,emailandprofile - Signing Key: Select any available key
- Redirect URIs:
https://openproject.company/auth/authentik/callback
Note the Client ID and Client Secret values.
Create an application, using the provider you've created above and set a slug.
In this example and the following configuration files, the slug openproject is used.
Add family name
OpenProject uses First name and Last name but Authentik does only provide a name by default (e.g. name="foo bar" instead first_name="foo", last_name="bar"), you can modify the authentik default OAuth Mapping: OpenID 'profile' to provide first and last name.
To do that, you need to:
- log in as
admin - open the
admin interface - navigate to
Customisation->Property Mappings - uncheck
Hide managed mappings - edit the
authentik default OAuth Mapping: OpenID 'profile'mapping - add the following lines:
"family_name": request.user.name.rsplit(" ", 1)[-1], "given_name": request.user.name.rsplit(" ", 1)[0],
Now, the fields for first and last name will get properly set in OpenProject.
OpenProject Configuration
OpenProject can be installed in different ways (see the documentation). For this configuration, the docker-based installation using docker-compose is used.
As described in the installation guide, the first step is to clone the openproject-deploy repository.
Following the instructions of the openproject-deploy repository, create a copy of the provided .env.example and adjust its content:
- Set
OPENPROJECT_HOST__NAMEtoopenproject.company
The next step is to add some more configuration lines to the .env file:
# sso auth
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER="Authentik"
# The name of the login button in OpenProject, you can freely set this to anything you like
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_DISPLAY__NAME="Authentik"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_HOST="authentik.company"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_IDENTIFIER="< insert the `Client ID` you have copied in the authentik configuration step >"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_SECRET="< insert the `Client Secret` you have copied in the authentik configuration step >"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_ISSUER="https://authentik.company"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_AUTHORIZATION__ENDPOINT="https://authentik.company/application/o/authorize/"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_TOKEN__ENDPOINT="https://authentik.company/application/o/token/"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_USERINFO__ENDPOINT="https://authentik.company/application/o/userinfo/"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_END__SESSION__ENDPOINT="https://authentik.company/application/o/openproject/end-session/"
OPENPROJECT_OPENID__CONNECT_AUTHENTIK_ATTRIBUTE__MAP_LOGIN="preferred_username"
Complete the rest of the installation following the installation instructions of the OpenProject documentation.
Disable password login
If you want to disable the traditional password login for the OpenProject instance, you need to add the lines to the .env file:
OPENPROJECT_DISABLE__PASSWORD__LOGIN=true
OPENPROJECT_SELF__REGISTRATION=disabled
For more information regarding environment variables, read the environment variables documentation.