Browse source

Allow choosing the OIDC remote user claim and scopes to request from the identity provider (#5481)

* Allow choosing the OIDC remote user claim and scopes to request from the identity provider

* Added comment to explain how checking whether an environment variable is set is done

* Use apostrophes instead of single quotes for verb contractions in docs

* Move variables used for checking presence of environment variables inside IfDefine block
otaconix 2 years ago
parent
commit
fc579bd2bc
2 changed files with 21 additions and 2 deletions
  1. Docker/FreshRSS.Apache.conf (+19 -2)
  2. docs/en/admins/16_OpenID-Connect.md (+2 -0)

+ 19 - 2
Docker/FreshRSS.Apache.conf

@@ -15,6 +15,11 @@ TraceEnable Off
 		Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED."
 		Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED."
 	</IfModule>
 	</IfModule>
 
 
+	# Workaround to be able to check whether an environment variable is set
+	# See: https://serverfault.com/questions/1022233/using-ifdefine-with-environment-variables/1022234#1022234
+	Define VStart "${"
+	Define VEnd "}"
+
 	OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL}
 	OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL}
 	OIDCClientID ${OIDC_CLIENT_ID}
 	OIDCClientID ${OIDC_CLIENT_ID}
 	OIDCClientSecret ${OIDC_CLIENT_SECRET}
 	OIDCClientSecret ${OIDC_CLIENT_SECRET}
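Review bot: the comment above `Define VStart "${"` says this is a workaround but not how it works, and the mechanism is subtle enough that the next maintainer will have to follow the link to avoid breaking it. Suggest stating it inline: `Define "Test_${VAR}"` produces a variable literally named `Test_${VAR}` only when `VAR` is unset (httpd leaves an unknown `${...}` reference unexpanded), while `Test_${VStart}VAR${VEnd}` always expands to that literal name, so `<IfDefine Test_${VStart}VAR${VEnd}>` is true exactly when `VAR` is not set. Worth noting in the same comment that httpd logs a "config variable is not defined" warning at startup for each unset variable this trick touches, so that warning is expected rather than a misconfiguration.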
@@ -22,8 +27,20 @@ TraceEnable Off
 	OIDCRedirectURI /i/oidc/
 	OIDCRedirectURI /i/oidc/
 	OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY}
 	OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY}
 
 
-	OIDCRemoteUserClaim preferred_username
-	OIDCScope "openid"
+	Define "Test_${OIDC_REMOTE_USER_CLAIM}"
+	<IfDefine Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
+		OIDCRemoteUserClaim preferred_username
+	</IfDefine>
+	<IfDefine !Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
+		OIDCRemoteUserClaim "${OIDC_REMOTE_USER_CLAIM}"
+	</IfDefine>
+	Define "Test_${OIDC_SCOPES}"
+	<IfDefine Test_${VStart}OIDC_SCOPES${VEnd}>
+		OIDCScope openid
+	</IfDefine>
+	<IfDefine !Test_${VStart}OIDC_SCOPES${VEnd}>
+		OIDCScope "${OIDC_SCOPES}"
+	</IfDefine>
 
 
 	OIDCRefreshAccessTokenBeforeExpiry 30
 	OIDCRefreshAccessTokenBeforeExpiry 30
 </IfDefine>
 </IfDefine>
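Review bot: the `Define "Test_${OIDC_SCOPES}"` / `<IfDefine Test_${VStart}OIDC_SCOPES${VEnd}>` pair only distinguishes unset from set, not empty from non-empty. If a deployment exports `OIDC_SCOPES=` (an empty value, easy to do with a blank line in an env file or compose `environment:` entry), the variable is set, the `!Test_...` branch is taken and the result is `OIDCScope ""`, which drops the mandatory `openid` scope rather than falling back to the default; the same applies to `OIDCRemoteUserClaim "${OIDC_REMOTE_USER_CLAIM}"` producing an empty claim name. Either document that the variables must be left unset (not empty) to get the defaults, or treat an empty value the same as unset. Minor style point: the defaults are written once unquoted (`OIDCScope openid`) and once bare (`OIDCRemoteUserClaim preferred_username`) while the overrides are quoted; quoting consistently makes the intent (multi-scope values such as `"openid email"` need quotes) clearer.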

+ 2 - 0
docs/en/admins/16_OpenID-Connect.md

@@ -20,6 +20,8 @@ OIDC support in Docker is activated by the presence of a non-empty non-zero `OID
 * `OIDC_CLIENT_ID`: The OIDC client id from your issuer.
 * `OIDC_CLIENT_ID`: The OIDC client id from your issuer.
 * `OIDC_CLIENT_SECRET`: The OIDC client secret issuer.
 * `OIDC_CLIENT_SECRET`: The OIDC client secret issuer.
 * `OIDC_CLIENT_CRYPTO_KEY`: An opaque key used for internal encryption.
 * `OIDC_CLIENT_CRYPTO_KEY`: An opaque key used for internal encryption.
+* `OIDC_REMOTE_USER_CLAIM`: The claim to use as the username within FreshRSS. Defaults to `preferred_username`. Depending on what you choose here, and your identity provider, you’ll need to adjust the scopes you request so that this claim will be accessible. Refer to your identity provider’s documentation.
+* `OIDC_SCOPES`: The OIDC scopes to request. Defaults to `openid`. As mentioned previously, make sure the scopes you pick contain whatever `OIDC_REMOTE_USER_CLAIM` you chose.
 
 
 You may add additional custom configuration in a new `./FreshRSS/p/i/.htaccess` file.
 You may add additional custom configuration in a new `./FreshRSS/p/i/.htaccess` file.
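Review bot: the `OIDC_REMOTE_USER_CLAIM` entry should warn that the chosen claim becomes the FreshRSS account identity, so it has to be unique and stable per user at the identity provider, not merely present in the token. OIDC only guarantees that for `sub`; `preferred_username` and `email` can be changed by the user or reassigned by the IdP, and `email` may be unverified unless the IdP also asserts `email_verified`, which would let one user be mapped onto another's FreshRSS account. Suggest adding one sentence to that effect after "Refer to your identity provider's documentation." Also, the `OIDC_SCOPES` entry should say the value must always include `openid` (as the default does), since that scope is required for an OpenID Connect request.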