vpnserver

testserver/docker_vpnserver/templates/config.yaml

@@ -26,3 +26,19 @@ auth:
       - openid
       - profile
       - email
+    # You can optionally restrict access to users with an email address
+    # that matches an allowed domain.
+    # If empty or omitted then all email domains will be allowed.
+    # This is an advanced feature that allows you to define OIDC claim mapping expressions.
+    # This feature is used to define wg-access-server admins based off a claim in your OIDC token.
+    # A JSON-like object of claimKey: claimValue pairs as returned by the issuer is passed to the evaluation function. 
+    # See https://github.com/Knetic/govaluate/blob/9aa49832a739dcd78a5542ff189fb82c3e423116/MANUAL.md for the syntax.
+    claimMapping:
+      # This example works if you have a custom group_membership claim which is a list of strings 
+      admin: "true"
+      access: "true"
+    # Let wg-access-server retrieve the claims from the ID Token instead of querying the UserInfo endpoint.
+    # Some OIDC authorization provider implementations (e.g. ADFS) only publish claims in the ID Token.
+    claimsFromIDToken: false
+    # require this claim to be "true" to allow access for the user
+    # accessClaim: "access"
\ No newline at end of file