Optimized LDAP implementation for Snipe-IT and implemented Mobilizon draft
@@ -14,6 +14,7 @@ ports:
|
||||
phpldapadmin: 4186
|
||||
fusiondirectory: 4187
|
||||
gitea: 4188
|
||||
snipe-it: 4189
|
||||
ldap:
|
||||
ldap: 389
|
||||
http:
|
||||
@@ -59,6 +60,7 @@ ports:
|
||||
espocrm: 8040
|
||||
syncope: 8041
|
||||
collabora: 8042
|
||||
mobilizon: 8043
|
||||
bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port
|
||||
# Ports which are exposed to the World Wide Web
|
||||
public:
|
||||
|
@@ -14,8 +14,8 @@ defaults_networks:
|
||||
subnet: 192.168.101.16/28
|
||||
baserow:
|
||||
subnet: 192.168.101.32/28
|
||||
# Free:
|
||||
# subnet: 192.168.101.48/28
|
||||
mobilizon:
|
||||
subnet: 192.168.101.48/28
|
||||
bluesky:
|
||||
subnet: 192.168.101.64/28
|
||||
friendica:
|
||||
|
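--- /dev/null
+++ b/group_vars/all/12_oidc.yml
@@ -0,0 +1,33 @@
+#############################################
+### Identity and Access Management (IAM) ###
+#############################################
+
+#############################################
+### OIDC ###
+#############################################
+# @see https://en.wikipedia.org/wiki/OpenID_Connect
+
+## Helper Variables:
+_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
+_oidc_client_issuer_url: "{{ web_protocol }}://{{domains | get_domain('keycloak')}}/realms/{{_oidc_client_realm}}"
+
+defaults_oidc:
+client:
+id: "{{primary_domain}}" # Client identifier, typically matching your primary domain
+# secret: # Client secret for authenticating with the OIDC provider (set in the inventory file). Recommend greater then 32 characters
+realm: "{{_oidc_client_realm}}" # The realm to which the client belongs in the OIDC provider
+issuer_url: "{{_oidc_client_issuer_url}}" # Base URL of the OIDC provider (issuer)
+discovery_document: "{{_oidc_client_issuer_url}}/.well-known/openid-configuration" # URL for fetching the provider's configuration details
+authorize_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth" # Endpoint to start the authorization process
+token_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/token" # Endpoint to exchange authorization codes for tokens (note: 'token_url' may be a typo for 'token_url')
+user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo" # Endpoint to retrieve user information
+logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout" # Endpoint to log out the user
+change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in" # URL for managing or changing user credentials
+certs: "{{_oidc_client_issuer_url}}/protocol/openid-connect/certs" # JSON Web Key Set (JWKS)
+button_text: "SSO Login ({{primary_domain | upper}})" # Default button text
+attributes:
+# Attribut to identify the user
+username: "preferred_username"
+given_name: "givenName"
+family_name: "surname"
+email: "email"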
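Review bot: `change_credentials` in the new file is built as `"{{_oidc_client_issuer_url}}account/account-security/signing-in"` with no `/` after the issuer URL, so it renders as `…/realms/<realm>account/account-security/signing-in`, a path that does not exist on the provider; it should read `change_credentials: "{{_oidc_client_issuer_url}}/account/account-security/signing-in"`. The inline note on `token_url` ("'token_url' may be a typo for 'token_url'") compares the key with itself and should be dropped. The `secret` comment tells the operator to set the client secret in the inventory; because inventories are committed alongside this file, the comment should say the value must be ansible-vault encrypted, and "greater then 32 characters" should read "longer than 32 characters". The `given_name`/`family_name` mappings use `givenName`/`surname`, which look like LDAP attribute names rather than the standard OIDC claims `given_name`/`family_name` that Keycloak emits by default, so this presumably relies on custom protocol mappers on the realm and is worth confirming. Since `_oidc_client_issuer_url` is assembled from `web_protocol`, a plain-http value would carry authorization codes and tokens in the clear; if `web_protocol` can ever be `http`, the issuer URL should be pinned to `https`.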
@@ -1,36 +1,3 @@
|
||||
#############################################
|
||||
### Identity and Access Management (IAM) ###
|
||||
#############################################
|
||||
|
||||
#############################################
|
||||
### OIDC ###
|
||||
#############################################
|
||||
# @see https://en.wikipedia.org/wiki/OpenID_Connect
|
||||
|
||||
## Helper Variables:
|
||||
_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
|
||||
_oidc_client_issuer_url: "{{ web_protocol }}://{{domains | get_domain('keycloak')}}/realms/{{_oidc_client_realm}}"
|
||||
|
||||
defaults_oidc:
|
||||
client:
|
||||
id: "{{primary_domain}}" # Client identifier, typically matching your primary domain
|
||||
# secret: # Client secret for authenticating with the OIDC provider (set in the inventory file). Recommend greater then 32 characters
|
||||
realm: "{{_oidc_client_realm}}" # The realm to which the client belongs in the OIDC provider
|
||||
issuer_url: "{{_oidc_client_issuer_url}}" # Base URL of the OIDC provider (issuer)
|
||||
discovery_document: "{{_oidc_client_issuer_url}}/.well-known/openid-configuration" # URL for fetching the provider's configuration details
|
||||
authorize_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth" # Endpoint to start the authorization process
|
||||
token_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/token" # Endpoint to exchange authorization codes for tokens (note: 'token_url' may be a typo for 'token_url')
|
||||
user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo" # Endpoint to retrieve user information
|
||||
logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout" # Endpoint to log out the user
|
||||
change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in" # URL for managing or changing user credentials
|
||||
certs: "{{_oidc_client_issuer_url}}/protocol/openid-connect/certs" # JSON Web Key Set (JWKS)
|
||||
button_text: "SSO Login ({{primary_domain | upper}})" # Default button text
|
||||
attributes:
|
||||
# Attribut to identify the user
|
||||
username: "preferred_username"
|
||||
given_name: "givenName"
|
||||
family_name: "surname"
|
||||
email: "email"
|
||||
|
||||
#############################################
|
||||
### LDAP ###
|