From 0eaaa73e231cb1147773da0772ec83aa2db923bc Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sun, 6 Apr 2025 21:38:15 +0200
Subject: [PATCH] =?UTF-8?q?Cleaned=20up=20OIDC=20f=C3=BCr=20taiga=20draft?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 group_vars/all/11_iam.yml | 2 +-
 roles/docker-bigbluebutton/templates/env.j2 | 1 +
 roles/docker-mastodon/templates/env.j2 | 2 +-
 .../templates/synapse/homeserver.yaml.j2 | 2 +-
 .../templates/config/oidc.config.php.j2 | 2 +-
 roles/docker-taiga/Development.md | 15 +++++++++++++++
 roles/docker-taiga/README.md | 2 +-
 .../docker-taiga/templates/docker-compose.yml.j2 | 4 ++--
 roles/docker-taiga/templates/env.j2 | 2 +-
 roles/docker-taiga/vars/main.yml | 3 ++-
 10 files changed, 26 insertions(+), 9 deletions(-)
 create mode 100644 roles/docker-taiga/Development.md
diff --git a/group_vars/all/11_iam.yml b/group_vars/all/11_iam.yml
index 7ef2c7e5..5e512dda 100644
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@@ -23,7 +23,7 @@ defaults_oidc:
 user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo" # Endpoint to retrieve user information
 logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout" # Endpoint to log out the user
 change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in" # URL for managing or changing user credentials
-
+ button_text: "SSO Login({{primary_domain | upper}})" # Default button text
 #############################################
 ### LDAP ###
 #############################################
diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2
index 83247130..5d0c646b 100644
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
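Review bot: `button_text` is rendered verbatim into three different string-literal syntaxes by the templates that consume it (a double-quoted `.env` value in roles/docker-mastodon and roles/docker-taiga, a double-quoted YAML scalar in roles/docker-matrix-compose, and a single-quoted PHP literal in roles/docker-nextcloud), and nothing in this hunk says so, so an override containing a quote or backslash would break or alter one of those files. The default only interpolates `primary_domain | upper`, which is operator-controlled, so the shipped value is fine; the constraint belongs in the trailing comment, e.g. `button_text: "SSO Login({{primary_domain | upper}})" # Default button text; rendered unescaped into env, YAML and PHP string literals, so overrides must not contain quotes or backslashes`. Separately, the unchanged `change_credentials` line above it joins `_oidc_client_issuer_url` with no `/` while `user_info_url` and `logout_url` do, so one of the two forms yields a wrong URL depending on whether the issuer URL carries a trailing slash; that is pre-existing but worth fixing while this block is being touched. The `defaults_oidc` mapping starts before the hunk.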
@@ -294,4 +294,5 @@ OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
 OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
+# OPENID_CONNECT_UID_FIELD=sub default
 {% endif %}
\ No newline at end of file
diff --git a/roles/docker-mastodon/templates/env.j2 b/roles/docker-mastodon/templates/env.j2
index 11569a59..d42688bf 100644
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@@ -60,7 +60,7 @@ SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
 # @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
 OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | lower }}
-OIDC_DISPLAY_NAME="{{primary_domain | upper}} SSO"
+OIDC_DISPLAY_NAME="{{oidc.button_text}}"
 OIDC_ISSUER={{oidc.client.issuer_url}}
 OIDC_DISCOVERY=true
 OIDC_SCOPE="openid,profile,email"
diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
index d2f8b0cf..f239009e 100644
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@@ -49,7 +49,7 @@ email:
 # @See https://matrix-org.github.io/synapse/latest/openid.html
 oidc_providers:
 - idp_id: keycloak
- idp_name: "{{primary_domain | upper}} SSO"
+ idp_name: "{{oidc.button_text}}"
 issuer: "{{oidc.client.issuer_url}}"
 client_id: "{{oidc.client.id}}"
 client_secret: "{{oidc.client.secret}}"
diff --git a/roles/docker-nextcloud/templates/config/oidc.config.php.j2 b/roles/docker-nextcloud/templates/config/oidc.config.php.j2
index 093f6e3c..022301b4 100644
--- a/roles/docker-nextcloud/templates/config/oidc.config.php.j2
+++ b/roles/docker-nextcloud/templates/config/oidc.config.php.j2
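Review bot: The added `# OPENID_CONNECT_UID_FIELD=sub default` reads as if the setting's value were `sub default`, so whoever uncomments it later gets a broken variable. Keep the value and the annotation apart, e.g. `# OPENID_CONNECT_UID_FIELD=sub   # default`, and it is worth saying in the same comment why the default is the right choice: `sub` is the stable subject identifier issued by the provider, whereas mapping accounts by a mutable claim such as the e-mail address risks linking a login to the wrong local account once that claim changes. The enclosing `{% if %}` block starts outside the hunk, and the file still ends without a trailing newline.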
@@ -36,7 +36,7 @@ return array (
 'oidc_login_default_quota' => '{{applications[application_id].default_quota}}',
 // Login button text
- 'oidc_login_button_text' => 'Log in with OpenID',
+ 'oidc_login_button_text' => '{{oidc.button_text}}',
 // Hide the NextCloud password change form.
 'oidc_login_hide_password_form' => true,
diff --git a/roles/docker-taiga/Development.md b/roles/docker-taiga/Development.md
new file mode 100644
index 00000000..2539d9d5
--- /dev/null
+++ b/roles/docker-taiga/Development.md
@@ -0,0 +1,15 @@
+# Development
+
+## Build front container
+
+```bash
+docker compose up -d --force-recreate taiga-front
+```
+
+## Debug
+
+Verify front configuration:
+
+```bash
+docker compose exec -it taiga-front cat /usr/share/nginx/html/conf.json
+```
\ No newline at end of file
diff --git a/roles/docker-taiga/README.md b/roles/docker-taiga/README.md
index f81dbd96..7a736644 100644
--- a/roles/docker-taiga/README.md
+++ b/roles/docker-taiga/README.md
@@ -34,7 +34,7 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems β€”
 ## Features
 - 🐳 **Docker-Based Deployment:** Easy containerized setup of backend, frontend, async workers, and events service.
-- πŸ›‘οΈ **OIDC Support:** Seamless login integration with providers like Keycloak when `applications[application_id].oidc.enabled` is `true`.
+- πŸ” **OIDC (Single Sign-On):** Supported via [taiga-contrib-openid-auth (robrotheram)](https://github.com/robrotheram/taiga-contrib-openid-auth)
 - πŸ“¨ **Email Backend:** Supports SMTP and console backends for development.
 - πŸ” **Async & Realtime Events:** Includes RabbitMQ and support for Taiga’s event system.
 - 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `nginx-domain-setup` role.
diff --git a/roles/docker-taiga/templates/docker-compose.yml.j2 b/roles/docker-taiga/templates/docker-compose.yml.j2
index aff6a4b9..6daf1a32 100644
--- a/roles/docker-taiga/templates/docker-compose.yml.j2
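Review bot: `'oidc_login_button_text' => '{{oidc.button_text}}',` drops the value into a single-quoted PHP literal without escaping, so a `button_text` override containing `'` or a trailing `\` produces a syntax error in oidc.config.php, and because this file is evaluated by PHP an unbalanced quote can also change how the rest of the array is parsed. The default in group_vars only carries the upper-cased primary domain, so the rendered default is safe; the template should still neutralise the two characters PHP treats specially inside single quotes, `'oidc_login_button_text' => '{{ oidc.button_text | replace("\\", "\\\\") | replace("'", "\\'") }}',` (backslash first, then the quote). The `return array (` literal that encloses this entry starts and ends outside the hunk.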
+++ b/roles/docker-taiga/templates/docker-compose.yml.j2
@@ -47,8 +47,8 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
 taiga:
- # volumes:
- # - ./conf.json:/usr/share/nginx/html/conf.json
+# volumes:
+# - {{ taiga_frontend_conf_path }}:/usr/share/nginx/html/conf.json:ro
 taiga-events:
 image: taigaio/taiga-events:latest
diff --git a/roles/docker-taiga/templates/env.j2 b/roles/docker-taiga/templates/env.j2
index db50c02c..be2026dc 100644
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@@ -56,7 +56,7 @@ OPENID_USER_URL="{{oidc.client.user_info_url}}"
 OPENID_TOKEN_URL="{{oidc.client.token_url}}"
 OPENID_CLIENT_ID="{{oidc.client.id}}"
 OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
-OPENID_NAME="SSO"
+OPENID_NAME="{{oidc.button_text}}"
 # Default Values
 #
 # OPENID_ID_FIELD="sub"
diff --git a/roles/docker-taiga/vars/main.yml b/roles/docker-taiga/vars/main.yml
index f0166403..fec2b65a 100644
--- a/roles/docker-taiga/vars/main.yml
+++ b/roles/docker-taiga/vars/main.yml
@@ -5,4 +5,5 @@ docker_repository_address: "https://github.com/taigaio/taiga-docker"
 email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
 docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
 taiga_image_backend: "{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}"
-taiga_image_frontend: "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"
\ No newline at end of file
+taiga_image_frontend: "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"
+taiga_frontend_conf_path: "{{docker_compose.directories.conf}}conf.json"
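Review bot: The re-commented mount now sits at column 0 (`# volumes:` / `# - {{ taiga_frontend_conf_path }}:/usr/share/nginx/html/conf.json:ro`), so whoever uncomments it later gets top-level keys outside any service instead of a volume under the `taiga:` entry visible above it; the removed lines at least preserved the service indentation inside the comment. That also leaves `taiga_frontend_conf_path`, newly defined in roles/docker-taiga/vars/main.yml, without a consumer, while roles/docker-taiga/Development.md already tells the reader to inspect `/usr/share/nginx/html/conf.json` in `taiga-front` (the `taiga:` key here is presumably that frontend service, though the container name in Development.md differs, so worth confirming). Either keep the indentation inside the comment and say why it is disabled, e.g. `# TODO: enable once conf.json is rendered; mounted :ro so the container cannot rewrite its own config`, or gate the mount on `applications[application_id].oidc.enabled` with a Jinja `{% if %}` so the new variable is actually used. The `services:` mapping and the service this fragment belongs to start before the hunk.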