Commit 605d406b authored by Christian Elberfeld

tandoor oauth integration

parent c53a7243
......@@ -27,7 +27,7 @@ Create Groups:
Create a Service / OAuth Client:
Only Users with goup grafana_access can access Wordpress
Only Users with goup grafana_access can access Grafana
Client-ID: grafana
Client-Secret: from file oauth_client_secret on the server
......
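Review bot: the replacement line in this hunk still reads "goup grafana_access". The change from "Wordpress" to "Grafana" is correct, but the typo is carried over; please fix it to "group grafana_access" in the same line while it is being touched.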
After initial Setup, the initial superuser 'tandooradmin' must be created in the unser interface.
The Password is stored on the Server in the file ```secrets/tandooradmin_user_pass``` within the data directory.
# Overview
* Authentication to Tandoor is only possible with an account in uffd, regular authentication is disabled
* All users with group 'tandoor_access' can access the Application
# Setup OIDC Authentication via uffd
Uffd Reference: https://git.cccv.de/uffd
## Setup in Tandoor
All setup is done in the docker-compose.yml
References:
* https://docs.tandoor.dev/features/authentication/
## Setup in uffd
Create Groups:
- tandoor_access: General Access to Tandoor
Create a Service / OAuth Client:
Only Users with goup grafana_access can access Tandoor
Client-ID: tandoor
Client-Secret: from file openid_client_secret on the server
Redirect-URIs:
* https://tandoor.test-warpzone.de/accounts/oidc/uffd/login/callback/
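Review bot: the line "Only Users with goup grafana_access can access Tandoor" under "Create a Service / OAuth Client" contradicts the Overview and the "Create Groups" entry, which both name tandoor_access. It looks copied from the Grafana page, and an admin following it literally would gate Tandoor on the wrong group. Suggest "Only users with group tandoor_access can access Tandoor". In the first line, "unser interface" should read "user interface". The Overview also states that regular authentication is disabled; naming the setting that enforces this would let a reader verify it against docker-compose.yml.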
......@@ -5,6 +5,7 @@
- { path: "{{ basedir }}/secrets/secret_key", length: 32 }
- { path: "{{ basedir }}/secrets/postgres_user_pass", length: 24 }
- { path: "{{ basedir }}/secrets/tandooradmin_user_pass", length: 24 }
- { path: "{{ basedir }}/secrets/openid_client_secret", length: 32 }
- name: "create folder struct for {{ servicename }}"
......
......@@ -34,6 +34,10 @@ services:
POSTGRES_PORT: 5432
POSTGRES_USER: tandoor
POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"APPS":[{"provider_id":"uffd","name":"uffd","client_id":"tandoor","secret":"{{ openid_client_secret }}","settings":{"server_url":"{{ oidc_global.provider_url }}/.well-known/openid-configuration"}}]}}'
SOCIAL_DEFAULT_GROUP: "warpzone"
ENABLE_SIGNUP: "False"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
......
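Review bot: in SOCIALACCOUNT_PROVIDERS the value of {{ openid_client_secret }} is pasted raw into a single-quoted JSON string, so a generated secret containing a double quote, a backslash or a single quote would produce invalid JSON or YAML and the provider would fail to load. Either make sure the secret generator only emits alphanumeric characters, or build the structure as a dict and render it through a JSON filter (e.g. to_json) so the value is escaped. Separately, the only login-related switch visible in this hunk is ENABLE_SIGNUP: "False", while the README says regular authentication is disabled; if another setting enforces that, please reference it in the docs so the claim can be checked.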