Cleaned up OIDC für taiga draft

2025-04-28 10:26:54 +02:00 · 2025-04-06 21:38:15 +02:00 · 2025-04-06 21:38:15 +02:00 · 0eaaa73e23
commit 0eaaa73e23
parent a9c25a28c6
10 changed files with 26 additions and 9 deletions
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@ -23,7 +23,7 @@ defaults_oidc:
    user_info_url:        "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo"    # Endpoint to retrieve user information
    logout_url:           "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"      # Endpoint to log out the user
    change_credentials:   "{{_oidc_client_issuer_url}}account/account-security/signing-in"  # URL for managing or changing user credentials
-
+  button_text:            "SSO Login({{primary_domain | upper}})"                           # Default button text
 #############################################
 ### LDAP                                  ###
 #############################################
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@ -294,4 +294,5 @@ OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
 OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
+# OPENID_CONNECT_UID_FIELD=sub default
 {% endif %}
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@ -60,7 +60,7 @@ SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
 # @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso

 OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | lower }}
-OIDC_DISPLAY_NAME="{{primary_domain | upper}} SSO"
+OIDC_DISPLAY_NAME="{{oidc.button_text}}"
 OIDC_ISSUER={{oidc.client.issuer_url}}
 OIDC_DISCOVERY=true
 OIDC_SCOPE="openid,profile,email"
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@ -49,7 +49,7 @@ email:
 # @See https://matrix-org.github.io/synapse/latest/openid.html
 oidc_providers:
  - idp_id: keycloak
-    idp_name: "{{primary_domain | upper}} SSO"
+    idp_name: "{{oidc.button_text}}"
    issuer: "{{oidc.client.issuer_url}}"
    client_id: "{{oidc.client.id}}"
    client_secret: "{{oidc.client.secret}}"
--- a/roles/docker-nextcloud/templates/config/oidc.config.php.j2
+++ b/roles/docker-nextcloud/templates/config/oidc.config.php.j2
@ -36,7 +36,7 @@ return array (
    'oidc_login_default_quota' => '{{applications[application_id].default_quota}}',

    // Login button text
-    'oidc_login_button_text' => 'Log in with OpenID',
+    'oidc_login_button_text' => '{{oidc.button_text}}',

    // Hide the NextCloud password change form.
    'oidc_login_hide_password_form' => true,
--- a/roles/docker-taiga/Development.md
+++ b/roles/docker-taiga/Development.md
@ -0,0 +1,15 @@
+# Development 
+
+## Build front container
+
+```bash
+docker compose up -d --force-recreate taiga-front
+```
+
+## Debug
+
+Verify front configuration:
+
+```bash
+docker compose exec -it taiga-front cat /usr/share/nginx/html/conf.json
+```
--- a/roles/docker-taiga/README.md
+++ b/roles/docker-taiga/README.md
@ -34,7 +34,7 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems —
 ## Features

 - 🐳 **Docker-Based Deployment:** Easy containerized setup of backend, frontend, async workers, and events service.
- 🛡️ **OIDC Support:** Seamless login integration with providers like Keycloak when `applications[application_id].oidc.enabled` is `true`.
+- 🔐 **OIDC (Single Sign-On):** Supported via [taiga-contrib-openid-auth (robrotheram)](https://github.com/robrotheram/taiga-contrib-openid-auth)
 - 📨 **Email Backend:** Supports SMTP and console backends for development.
 - 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taiga’s event system.
 - 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `nginx-domain-setup` role.
--- a/roles/docker-taiga/templates/docker-compose.yml.j2
+++ b/roles/docker-taiga/templates/docker-compose.yml.j2
@ -47,8 +47,8 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
-    # volumes:
-    #   - ./conf.json:/usr/share/nginx/html/conf.json
+#    volumes:
+#      - {{ taiga_frontend_conf_path }}:/usr/share/nginx/html/conf.json:ro

  taiga-events:
    image: taigaio/taiga-events:latest
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@ -56,7 +56,7 @@ OPENID_USER_URL="{{oidc.client.user_info_url}}"
 OPENID_TOKEN_URL="{{oidc.client.token_url}}"
 OPENID_CLIENT_ID="{{oidc.client.id}}"
 OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
-OPENID_NAME="SSO"
+OPENID_NAME="{{oidc.button_text}}"
 # Default Values
 #
 # OPENID_ID_FIELD="sub"
--- a/roles/docker-taiga/vars/main.yml
+++ b/roles/docker-taiga/vars/main.yml
@ -5,4 +5,5 @@ docker_repository_address:  "https://github.com/taigaio/taiga-docker"
 email_backend:              "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
 docker_compose_init:        "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
 taiga_image_backend:        "{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}"
-taiga_image_frontend:       "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"
+taiga_image_frontend:       "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"
+taiga_frontend_conf_path:   "{{docker_compose.directories.conf}}conf.json"