Added group claims to espocrm SSO

2024-09-12 18:22:11 +00:00 · 2024-09-12 18:22:11 +00:00 · c2f8acfecf
commit c2f8acfecf
parent 889430e857
1 changed files with 9 additions and 36 deletions
--- a/lib/espocrm.sh
+++ b/lib/espocrm.sh
@ -246,6 +246,7 @@ EOF
 cat >> /federated/apps/espocrm/.env <<EOF
 ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
 ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username
+ESPOCRM_CONFIG_OIDC_GROUP_CLAIM=groups
 ESPOCRM_CONFIG_OIDC_FALLBACK=true
 ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm
 ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET
@ -261,45 +262,17 @@ ESPOCRM_CONFIG_OIDC_ALLOW_REGULAR_USER_FALLBACK=false
 ESPOCRM_CONFIG_OIDC_AUTHORIZATION_PROMPT=consent
 EOF

-# Add in Scopes after authenticationMethod
-sed -i "/oidcScopes/{n;N;N;N;d}" /federated/apps/espocrm/data/var/www/html/data/config.php
-sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php
-sed -i "/authenticationMethod/a  \  'oidcScopes' => [\n\    0 => 'profile',\n\    1 => 'email',\n\    2 => 'openid'\n\  ]," /federated/apps/espocrm/data/var/www/html/data/config.php
+  # Add in Scopes after authenticationMethod
+  sed -i "/oidcScopes/{n;N;N;N;d}" /federated/apps/espocrm/data/var/www/html/data/config.php
+  sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php
+  sed -i "/authenticationMethod/a  \  'oidcScopes' => [\n\    0 => 'profile',\n\    1 => 'email',\n\    2 => 'groups',\n\    3 => 'openid'\n\  ]," /federated/apps/espocrm/data/var/www/html/data/config.php

-# Add in extra_hosts to docker-compose
-[[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a  \    extra_hosts:\n\      - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml
+  # Add in extra_hosts to docker-compose
+  [[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a  \    extra_hosts:\n\      - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml

-# Set auth method to Oidc only
-sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
+  # Set auth method to Oidc only
+  sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env

-: '
- 'authenticationMethod' => 'Oidc',
-  'oidcJwtSignatureAlgorithmList' => [
-    0 => 'RS256'
-  ],
-  'oidcUsernameClaim' => 'preferred_username',
-  'oidcFallback' => true,
-  'oidcScopes' => [
-    0 => 'profile',
-    1 => 'email',
-    2 => 'openid'
-  ],
-    'oidcClientId' => 'espocrm',
-  'oidcAuthorizationEndpoint' => 'https://authelia.f11957a1.fedcom.net/api/oidc/authorization',
-  'oidcTokenEndpoint' => 'https://authelia.f11957a1.fedcom.net/api/oidc/token',
-  'oidcJwksEndpoint' => 'https://authelia.f11957a1.fedcom.net/jwks.json',
-  'oidcCreateUser' => true,
-  'oidcAllowAdminUser' => true,
-  'oidcLogoutUrl' => 'https://authelia.f11957a1.fedcom.net/logout',
-    'oidcSync' => false,
-  'oidcGroupClaim' => NULL,
-  'oidcSyncTeams' => false,
-  'oidcAllowRegularUserFallback' => false,
-  'oidcTeamsIds' => [],
-  'oidcTeamsNames' => (object) [],
-  'oidcTeamsColumns' => (object) [],
-    'oidcAuthorizationPrompt' => 'consent',
-'
  /federated/bin/stop espocrm
  /federated/bin/start espocrm
 }