Added OIDC for bigbluebutton

group_vars/all

@@ -306,6 +306,7 @@ oauth2_proxy_allowed_roles:                   admin
 oauth2_proxy_client_id:                       "{{primary_domain}}"                      # The id of the client application
 oauth2_proxy_client_secret:                   "{{primary_oauth2_proxy_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
 oauth2_proxy_cookie_secret:                   "{{primary_oauth2_proxy_cookie_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
+oauth2_proxy_oidc_issuer_url:                 "https://{{domain_keycloak}}/realms/{{primary_domain}}"
 
 #### Peertube
 peertube_version:                         "bookworm"

roles/docker-baserow/README.md

@@ -2,4 +2,9 @@
 
 This role allows the setup of [baserole](https://baserow.io/).
 
+## More Information
+
 It was created with the help of [Chat GPT-4](https://chat.openai.com/share/556c2d7f-6b6f-4256-a646-a50529554efc).
+
+## SSO
+SSO is just activated in the Enterprise Edition. Also no LDAP configuration is available. [More information](https://baserow.io/user-docs/enable-single-sign-on-sso).

roles/docker-bigbluebutton/README.md

@@ -20,6 +20,9 @@ watch -n 2 "docker compose ps -a"
  sudo docker-compose exec -it postgres psql -U postgres
 ```
 
+## SSO
+- https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
+
 ## further information
 - https://github.com/bigbluebutton/docker
 - https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials
@@ -29,3 +32,4 @@ watch -n 2 "docker compose ps -a"
 - https://www.cyberciti.biz/faq/linux-restart-network-interface/
 - https://stackoverflow.com/questions/53347951/docker-network-not-found
 - https://github.com/bigbluebutton/docker/issues/325
+

roles/docker-bigbluebutton/templates/env.j2

@@ -280,3 +280,11 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
 #   invite - For invite only registration
 #   approval - For approve/decline registration
 DEFAULT_REGISTRATION=invite
+
+### EXTERNAL AUTHENTICATION METHODS
+# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
+#
+OPENID_CONNECT_CLIENT_ID={{oauth2_proxy_client_id}}
+OPENID_CONNECT_CLIENT_SECRET={{oauth2_proxy_client_secret}}
+OPENID_CONNECT_ISSUER={{oauth2_proxy_oidc_issuer_url}}
+OPENID_CONNECT_REDIRECT={{domain}}

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -40,7 +40,6 @@ env:
   ## will be set automatically by bootstrap based on detected CPUs, or you can override
   UNICORN_WORKERS: 8
 
-  ## TODO: The domain name this Discourse instance will respond to
   ## Required. Discourse will not work with a bare IP number.
   DISCOURSE_HOSTNAME: {{domain}}
 
@@ -48,11 +47,9 @@ env:
   ## hostname (-h option) as specified above (default "$hostname-$config")
   #DOCKER_USE_HOSTNAME: true
 
-  ## TODO: List of comma delimited emails that will be made admin and developer
   ## on initial signup example 'user1@example.com,user2@example.com'
   DISCOURSE_DEVELOPER_EMAILS:       {{administrator_email}}
 
-  ## TODO: The SMTP mail server used to validate new accounts and send notifications
   # SMTP ADDRESS, username, and password are required
   # WARNING the char '#' in SMTP password can cause problems!
   DISCOURSE_SMTP_ADDRESS:           {{ system_email_host }}

roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2

@@ -10,7 +10,7 @@ whitelist_domains       =   [".{{primary_domain}}"]
 client_secret           =   "{{oauth2_proxy_client_secret}}"
 client_id               =   "{{oauth2_proxy_client_id}}"
 redirect_url            =   "https://{{domain}}/oauth2/callback"
-oidc_issuer_url         =   "https://{{domain_keycloak}}/realms/{{primary_domain}}"
+oidc_issuer_url         =   "{{oauth2_proxy_oidc_issuer_url}}"
 provider                =   "oidc"
 provider_display_name   =   "Keycloak"