Commit b0178124 authored by Christian Elberfeld

Documentation for group mapping

parent ee1b5498
# Overview
* Authentication to Gitea is possible with an account in uffd, regular authentication is only used for initial admin user
* All users with group 'gitea_access' can access Gitea, the user in Gitea is created on first login
* Users with group 'gitea_admin' are added to the Administrators group in Gitea
* Additional groups are assigned if the name of the group matches in uffd and Gitea
# Setup OIDC Authentication via uffd
Schritt 1: OpenID Connect Konfiguration in Uffd Schritt 1: OpenID Connect Konfiguration in Uffd
1. neuen Dienst erstellen 1. neuen Dienst erstellen
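Review bot: The new Overview line "All users with group 'gitea_access' can access Gitea" does not say where that restriction is enforced, and none of the setup lines visible in this diff configure it. If it is set on the uffd service created in Schritt 1, say so in that step; otherwise a reader following the steps cannot tell whether every uffd account is able to log in. The Overview is also written in English while the steps below it are in German; pick one language for the file.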
...@@ -15,4 +25,16 @@ Schritt 2: Gitea für OpenID Connect konfigurieren ...@@ -15,4 +25,16 @@ Schritt 2: Gitea für OpenID Connect konfigurieren
- OAuth2-Anbieter: OpenID Connect - OAuth2-Anbieter: OpenID Connect
- Client-ID: gitea - Client-ID: gitea
- Client-Secret: <geheim> - Client-Secret: <geheim>
- OpenID-Connect-Auto-Discovery-URL: https://</.well-known/openid-configuration - OpenID-Connect-Auto-Discovery-URL: https://</.well-known/openid-configuration
\ No newline at end of file - Claim-Name: groups
- Gruppen-Claim-Wert für Administratoren: gitea_admin
- Map claimed groups to Organization teams: <s. unten>
- Remove users from synchronized teams: Ja
- This Authentication Source is activated: Ja
3. Mapping von Gruppen zu Organisationen / Teams: Das folgende Beispiel fügt alle benutzer mit der Gruppe 'gitea_testgroup' in uffd in die Organisation 'testgroup_org' und dort in das Team 'Owners' ein. Die Organisation und das Team müssen in Gitea vorher erstellt werden.
```
{
"gitea_testgroup": { "testgroup_org": [ "Owners" ] }
}
```
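Review bot: The mapping example in step 3 places every member of 'gitea_testgroup' into the 'Owners' team, which in Gitea has full administrative control of the organization. Examples get copied, so either use a less privileged team here or add a sentence stating what 'Owners' grants. Please also document what "Remove users from synchronized teams: Ja" does to members who were added to a mapped team by hand, since that setting and the mapping are introduced together. Minor: 'benutzer' should be capitalized, and the fence could be tagged as json.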
...@@ -8,7 +8,7 @@ services: ...@@ -8,7 +8,7 @@ services:
ports: ports:
- 444:444 - 444:444
volumes: volumes:
- {{ basedir }}/data:/data - "{{ basedir }}/data:/data"
environment: environment:
APP_NAME: "Warpzone Verwaltung" APP_NAME: "Warpzone Verwaltung"
RUN_MODE: "prod" RUN_MODE: "prod"
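Review bot: The commit message mentions only the group mapping documentation, but this hunk changes the compose template at `- "{{ basedir }}/data:/data"`. The quoting itself is correct, since an unquoted YAML value starting with `{{` is read as a flow mapping; mention the fix in the commit message or split it into its own commit. For consistency, `- 444:444` could be quoted as well, as Compose recommends writing port mappings as strings.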
...@@ -43,7 +43,7 @@ services: ...@@ -43,7 +43,7 @@ services:
image: mariadb:11 image: mariadb:11
restart: always restart: always
volumes: volumes:
- {{ basedir }}/db/:/var/lib/mysql - "{{ basedir }}/db/:/var/lib/mysql"
environment: environment:
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}" MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
MYSQL_PASSWORD: "{{ mysql_user_pw }}" MYSQL_PASSWORD: "{{ mysql_user_pw }}"