tandoor oauth anbindung

605d406b · Christian Elberfeld · c53a7243 · 605d406b · 605d406b · 605d406b
Commit 605d406b authored 1 year ago by Christian Elberfeld
--- a/testserver/docker_grafana/Documentation.md
+++ b/testserver/docker_grafana/Documentation.md
@@ -27,7 +27,7 @@ Create Groups:
 Create a Service / OAuth Client: 
-Only Users with goup grafana_access can access Wordpress 
+Only Users with goup grafana_access can access Grafana 
 Client-ID: grafana
 Client-Secret: from file oauth_client_secret on the server

--- a/testserver/docker_tandoor/Documentation.md
+++ b/testserver/docker_tandoor/Documentation.md
-After initial Setup, the initial superuser 'tandooradmin' must be created in the unser interface. 
+# Overview 
-The Password is stored on the Server in the file ```secrets/tandooradmin_user_pass``` within the data directory. 
+* Authentication to Tandoor is only possible with an account in uffd, regular authentication is disabled 
+* All users with group 'tandoor_access' can access the Application 
+# Setup OIDC Authentication via uffd 
+Uffd Reference: https://git.cccv.de/uffd
+## Setup in Tandoor
+All setup is done in the docker-compose.yml
+References: 
+* https://docs.tandoor.dev/features/authentication/
+## Setup in uffd
+Create Groups:
+- tandoor_access: General Access to Tandoor
+Create a Service / OAuth Client: 
+Only Users with goup grafana_access can access Tandoor 
+Client-ID: tandoor
+Client-Secret: from file openid_client_secret on the server
+Redirect-URIs: 
+* https://tandoor.test-warpzone.de/accounts/oidc/uffd/login/callback/
--- a/testserver/docker_tandoor/tasks/main.yml
+++ b/testserver/docker_tandoor/tasks/main.yml
@@ -5,6 +5,7 @@
    - { path: "{{ basedir }}/secrets/secret_key",  length: 32 }
    - { path: "{{ basedir }}/secrets/postgres_user_pass",  length: 24 }
    - { path: "{{ basedir }}/secrets/tandooradmin_user_pass",  length: 24 }
+    - { path: "{{ basedir }}/secrets/openid_client_secret",  length: 32 }
 - name: "create folder struct for {{ servicename }}"

--- a/testserver/docker_tandoor/templates/docker-compose.yml
+++ b/testserver/docker_tandoor/templates/docker-compose.yml
@@ -34,6 +34,10 @@ services:
      POSTGRES_PORT: 5432
      POSTGRES_USER: tandoor
      POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
+      SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
+      SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"APPS":[{"provider_id":"uffd","name":"uffd","client_id":"tandoor","secret":"{{ openid_client_secret }}","settings":{"server_url":"{{ oidc_global.provider_url }}/.well-known/openid-configuration"}}]}}'
+      SOCIAL_DEFAULT_GROUP: "warpzone"
+      ENABLE_SIGNUP: "False"
    labels:
      - traefik.enable=true
      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)