diff --git a/group_vars/all b/group_vars/all
index 13be8df3..8e82414c 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -306,6 +306,7 @@ oauth2_proxy_allowed_roles: admin
 oauth2_proxy_client_id: "{{primary_domain}}" # The id of the client application
 oauth2_proxy_client_secret: "{{primary_oauth2_proxy_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
 oauth2_proxy_cookie_secret: "{{primary_oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
+oauth2_proxy_oidc_issuer_url: "https://{{domain_keycloak}}/realms/{{primary_domain}}"
 
 #### Peertube
 peertube_version: "bookworm"
diff --git a/roles/docker-baserow/README.md b/roles/docker-baserow/README.md
index 96a11258..ea22c0fe 100644
--- a/roles/docker-baserow/README.md
+++ b/roles/docker-baserow/README.md
@@ -2,4 +2,9 @@
 
 This role allows the setup of [baserole](https://baserow.io/).
 
-It was created with the help of [Chat GPT-4](https://chat.openai.com/share/556c2d7f-6b6f-4256-a646-a50529554efc).
\ No newline at end of file
+## More Information
+
+It was created with the help of [Chat GPT-4](https://chat.openai.com/share/556c2d7f-6b6f-4256-a646-a50529554efc).
+
+## SSO
+SSO is just activated in the Enterprise Edition. Also no LDAP configuration is available. [More information](https://baserow.io/user-docs/enable-single-sign-on-sso).
\ No newline at end of file
diff --git a/roles/docker-bigbluebutton/README.md b/roles/docker-bigbluebutton/README.md
index b45cbf59..3549c3e5 100644
--- a/roles/docker-bigbluebutton/README.md
+++ b/roles/docker-bigbluebutton/README.md
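Review bot: The added `oauth2_proxy_oidc_issuer_url` key is the only one in this stanza without a trailing `# …` comment, and with this commit it is consumed by two services (the oauth2-proxy config and the BigBlueButton env template), so its contract should be stated where it is defined. OIDC clients compare the token's `iss` claim against this value as an exact string and derive the discovery endpoint from it, so any drift from what Keycloak advertises for the realm (scheme, host, or a trailing slash) breaks login in both consumers at once. I would append `# Issuer URL of the Keycloak realm; must match the realm's advertised issuer exactly and is shared by oauth2-proxy and BigBlueButton`.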
@@ -20,6 +20,9 @@ watch -n 2 "docker compose ps -a"
 sudo docker-compose exec -it postgres psql -U postgres
 ```
 
+## SSO
+- https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
+
 ## further information
 - https://github.com/bigbluebutton/docker
 - https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials
@@ -28,4 +31,5 @@ watch -n 2 "docker compose ps -a"
 - https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/
 - https://www.cyberciti.biz/faq/linux-restart-network-interface/
 - https://stackoverflow.com/questions/53347951/docker-network-not-found
-- https://github.com/bigbluebutton/docker/issues/325
\ No newline at end of file
+- https://github.com/bigbluebutton/docker/issues/325
+
diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2
index df7a2b3d..c33ee83c 100644
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -280,3 +280,11 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
 # invite - For invite only registration
 # approval - For approve/decline registration
 DEFAULT_REGISTRATION=invite
+
+### EXTERNAL AUTHENTICATION METHODS
+# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
+#
+OPENID_CONNECT_CLIENT_ID={{oauth2_proxy_client_id}}
+OPENID_CONNECT_CLIENT_SECRET={{oauth2_proxy_client_secret}}
+OPENID_CONNECT_ISSUER={{oauth2_proxy_oidc_issuer_url}}
+OPENID_CONNECT_REDIRECT={{domain}}
diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2
index e91ce845..7394902e 100644
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
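Review bot: `OPENID_CONNECT_REDIRECT={{domain}}` at the end of the env.j2 hunk renders a bare host name, whereas the Greenlight documentation linked two lines above describes this setting as the site's URL; if Greenlight expects a scheme this should read `OPENID_CONNECT_REDIRECT=https://{{domain}}`, mirroring how the issuer value is built — worth confirming against the docs before merging. The new block also hands Greenlight the same `oauth2_proxy_client_id`/`oauth2_proxy_client_secret` that oauth2-proxy uses, so one confidential client's credentials now sit in two containers' env files and a leak from either exposes both services, and the Keycloak client must have this host's callback registered alongside the proxy's `/oauth2/callback`. A dedicated Keycloak client for BigBlueButton would keep the blast radius per service; if sharing is intentional, record it above these lines with `# Reuses the oauth2-proxy Keycloak client; its allowed redirect URIs must include this host`.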
@@ -40,7 +40,6 @@ env:
   ## will be set automatically by bootstrap based on detected CPUs, or you can override
   UNICORN_WORKERS: 8
 
-  ## TODO: The domain name this Discourse instance will respond to
   ## Required. Discourse will not work with a bare IP number.
   DISCOURSE_HOSTNAME: {{domain}}
 
@@ -48,11 +47,9 @@ env:
   ## hostname (-h option) as specified above (default "$hostname-$config")
   #DOCKER_USE_HOSTNAME: true
 
-  ## TODO: List of comma delimited emails that will be made admin and developer
   ## on initial signup example 'user1@example.com,user2@example.com'
   DISCOURSE_DEVELOPER_EMAILS: {{administrator_email}}
 
-  ## TODO: The SMTP mail server used to validate new accounts and send notifications
   # SMTP ADDRESS, username, and password are required
   # WARNING the char '#' in SMTP password can cause problems!
   DISCOURSE_SMTP_ADDRESS: {{ system_email_host }}
diff --git a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
index 135965c4..0f02fa76 100644
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -10,7 +10,7 @@ whitelist_domains = [".{{primary_domain}}"]
 client_secret = "{{oauth2_proxy_client_secret}}"
 client_id = "{{oauth2_proxy_client_id}}"
 redirect_url = "https://{{domain}}/oauth2/callback"
-oidc_issuer_url = "https://{{domain_keycloak}}/realms/{{primary_domain}}"
+oidc_issuer_url = "{{oauth2_proxy_oidc_issuer_url}}"
 provider = "oidc"
 provider_display_name = "Keycloak"