2f3026084e
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
80 lines
2.3 KiB
Plaintext
80 lines
2.3 KiB
Plaintext
---
|
|
title: Wekan
|
|
---
|
|
|
|
## What is Wekan
|
|
|
|
From https://github.com/wekan/wekan/wiki
|
|
|
|
:::note
|
|
Wekan is an open-source kanban board which allows a card-based task and to-do management.
|
|
:::
|
|
|
|
## Preparation
|
|
|
|
The following placeholders will be used:
|
|
|
|
- `wekan.company` is the FQDN of the wekan install.
|
|
- `authentik.company` is the FQDN of the authentik install.
|
|
|
|
Create an application in authentik. Create an OAuth2/OpenID provider with the following parameters:
|
|
|
|
- Client Type: `Confidential`
|
|
- Scopes: OpenID, Email and Profile
|
|
- RSA Key: Select any available key
|
|
- Redirect URIs: `https://wekan.company/_oauth/oidc`
|
|
|
|
Note the Client ID and Client Secret values. Create an application, using the provider you've created above. Note the slug of the application you've created.
|
|
|
|
## Wekan
|
|
|
|
import Tabs from '@theme/Tabs';
|
|
import TabItem from '@theme/TabItem';
|
|
|
|
<Tabs
|
|
defaultValue="docker"
|
|
values={[
|
|
{label: 'Docker', value: 'docker'},
|
|
{label: 'Standalone', value: 'standalone'},
|
|
]}>
|
|
<TabItem value="docker">
|
|
If your Wekan is running in docker, add the following environment variables for authentik
|
|
|
|
```yaml
|
|
environment:
|
|
OAUTH2_ENABLED=true
|
|
OAUTH2_LOGIN_STYLE=redirect
|
|
OAUTH2_CLIENT_ID=<Client ID from above>
|
|
OAUTH2_SERVER_URL=https://authentik.company
|
|
OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
|
OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
|
OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
|
OAUTH2_SECRET=<Client Secret from above>
|
|
OAUTH2_ID_MAP=preferred_username
|
|
OAUTH2_USERNAME_MAP=preferred_username
|
|
OAUTH2_FULLNAME_MAP=given_name
|
|
OAUTH2_EMAIL_MAP=email
|
|
```
|
|
</TabItem>
|
|
<TabItem value="standalone">
|
|
|
|
edit `.env` and add the following:
|
|
|
|
```ini
|
|
# authentik OAUTH Config
|
|
OAUTH2_ENABLED='true'
|
|
OAUTH2_LOGIN_STYLE='redirect'
|
|
OAUTH2_CLIENT_ID='<Client ID from above>'
|
|
OAUTH2_SERVER_URL='https://authentik.company'
|
|
OAUTH2_AUTH_ENDPOINT='/application/o/authorize/'
|
|
OAUTH2_USERINFO_ENDPOINT='/application/o/userinfo/'
|
|
OAUTH2_TOKEN_ENDPOINT='/application/o/token/'
|
|
OAUTH2_SECRET='<Client Secret from above>'
|
|
OAUTH2_ID_MAP='preferred_username'
|
|
OAUTH2_USERNAME_MAP='preferred_username'
|
|
OAUTH2_FULLNAME_MAP='given_name'
|
|
OAUTH2_EMAIL_MAP='email'
|
|
```
|
|
</TabItem>
|
|
</Tabs>
|