bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Added group claims to espocrm SSO

Browse Source
This commit is contained in:
root 2024-09-12 18:22:11 +00:00
parent 889430e857
commit c2f8acfecf
1 changed files with 9 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
lib/espocrm.sh
View File

@ -246,6 +246,7 @@ EOF
cat >> /federated/apps/espocrm/.env <<EOF cat >> /federated/apps/espocrm/.env <<EOF
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username
ESPOCRM_CONFIG_OIDC_GROUP_CLAIM=groups
ESPOCRM_CONFIG_OIDC_FALLBACK=true ESPOCRM_CONFIG_OIDC_FALLBACK=true
ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm
ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET
@ -261,45 +262,17 @@ ESPOCRM_CONFIG_OIDC_ALLOW_REGULAR_USER_FALLBACK=false
ESPOCRM_CONFIG_OIDC_AUTHORIZATION_PROMPT=consent ESPOCRM_CONFIG_OIDC_AUTHORIZATION_PROMPT=consent
EOF EOF
# Add in Scopes after authenticationMethod # Add in Scopes after authenticationMethod
sed -i "/oidcScopes/{n;N;N;N;d}" /federated/apps/espocrm/data/var/www/html/data/config.php sed -i "/oidcScopes/{n;N;N;N;d}" /federated/apps/espocrm/data/var/www/html/data/config.php
sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php
sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php
# Add in extra_hosts to docker-compose # Add in extra_hosts to docker-compose
[[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml [[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml
# Set auth method to Oidc only # Set auth method to Oidc only
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
: '
'authenticationMethod' => 'Oidc',
'oidcJwtSignatureAlgorithmList' => [
0 => 'RS256'
],
'oidcUsernameClaim' => 'preferred_username',
'oidcFallback' => true,
'oidcScopes' => [
0 => 'profile',
1 => 'email',
2 => 'openid'
],
'oidcClientId' => 'espocrm',
'oidcAuthorizationEndpoint' => 'https://authelia.f11957a1.fedcom.net/api/oidc/authorization',
'oidcTokenEndpoint' => 'https://authelia.f11957a1.fedcom.net/api/oidc/token',
'oidcJwksEndpoint' => 'https://authelia.f11957a1.fedcom.net/jwks.json',
'oidcCreateUser' => true,
'oidcAllowAdminUser' => true,
'oidcLogoutUrl' => 'https://authelia.f11957a1.fedcom.net/logout',
'oidcSync' => false,
'oidcGroupClaim' => NULL,
'oidcSyncTeams' => false,
'oidcAllowRegularUserFallback' => false,
'oidcTeamsIds' => [],
'oidcTeamsNames' => (object) [],
'oidcTeamsColumns' => (object) [],
'oidcAuthorizationPrompt' => 'consent',
'
/federated/bin/stop espocrm /federated/bin/stop espocrm
/federated/bin/start espocrm /federated/bin/start espocrm
} }