Merge branch 'release/12.1' into dev

pull/10770/head
ulferts 2 years ago
commit 2ef1e1927d
No known key found for this signature in database
GPG Key ID: A205708DE1284017
  1. docker/prod/postgres-db-upgrade (1 line changed)
  2. docs/installation-and-operations/misc/custom-openid-connect-providers/README.md (23 lines changed)
  3. modules/openid_connect/lib/open_project/openid_connect.rb (8 lines changed)
  4. modules/openid_connect/lib/open_project/openid_connect/engine.rb (6 lines changed)

@ -31,3 +31,4 @@ fi
cd /var/lib/postgresql
su -m postgres -c "$PGBINNEW/pg_upgrade"
su -m postgres -c "./analyze_new_cluster.sh"
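Review bot: The `./analyze_new_cluster.sh` call on the last line is not conditioned on the `pg_upgrade` call above it, so unless the script runs under `set -e` outside the visible lines, a failed upgrade is still followed by an analyze attempt. Chaining the two commands with `&&` or checking the exit status of `pg_upgrade` would make the failure explicit. The relative path also depends on the `cd /var/lib/postgresql` just before it; a short comment saying the script is expected in that directory would help the next reader.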

@ -4,7 +4,7 @@ OpenProject's admin interface only allows you to configure providers from a pre-
This includes Google and Azure right now.
You can still use an arbitrary provider. But for the time being there is no user interface for this.
That means you will have to do it directly using the console on the server.
That means you will have to do it directly using the console on the server or via environment variables.
<div class="alert alert-info" role="alert">
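Review bot: The reworded sentence ending in "or via environment variables" gives the reader no pointer to where that option is described. Linking it to the "Environment variables" section added further down in this file would save a search.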
@ -83,6 +83,27 @@ Clicking on it will start the login process.
_**Note**: This is an Enterprise Edition feature. If you do not see the button you will have to activate the Enterprise Edition first._
## Environment variables
Rather than setting these options via the rails console, you can also define them through the
[OpenProject configuration](https://www.openproject.org/docs/installation-and-operations/configuration/) which can
also be defined through
[environment variables](https://www.openproject.org/docs/installation-and-operations/configuration/environment/).
The variable names can be derived from the options seen above. All variables will start with the prefix
`OPENPROJECT_OPENID__CONNECT_` followed by the provider name. For instance the okta example from above would
be defined via environment variables like this:
```
OPENPROJECT_OPENID__CONNECT_OKTA_DISPLAY__NAME="Okta"
OPENPROJECT_OPENID__CONNECT_OKTA_HOST="mypersonal.okta.com"
OPENPROJECT_OPENID__CONNECT_OKTA_IDENTIFIER="<identifier or client id>"
# etc.
```
**Note**: Underscores in option names must be escaped by doubling them. So make sure to really do use two consecutive
underscores in `DISPLAY__NAME`, `TOKEN__ENDPOINT` and so forth.
## More options
You can see a list of possible options [here](https://github.com/m0n9oose/omniauth_openid_connect#options-overview).
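Review bot: Documentation gap in the new "Environment variables" section: the example writes the provider segment as `OKTA` in upper case while the text only says the prefix is "followed by the provider name", so it is not stated how that segment maps back to the provider name, or how a provider name that itself contains an underscore should be written given the doubling rule in the note. Since the example stops at `# etc.`, listing the full set of variables for the okta example would also remove guesswork. Wording: "make sure to really do use" reads better as "make sure to use".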

@ -1,8 +1,10 @@
module OpenProject
module OpenIDConnect
require 'omniauth/openid_connect/providers'
require 'open_project/openid_connect/engine'
module OpenProject
module OpenIDConnect
CONFIG_KEY = 'openid_connect'.freeze
def providers
# update base redirect URI in case settings changed
::OmniAuth::OpenIDConnect::Providers.configure(
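Review bot: `CONFIG_KEY` has no comment saying what it names, and it is defined after `require 'open_project/openid_connect/engine'` although the engine refers to it. That works because the engine only uses the constant inside an initializer block, but a one-line comment on the constant (the configuration key under which the providers are looked up) would make that dependency visible.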
@ -21,7 +23,7 @@ module OpenProject
{}
end
# Settings override configuration.yml
Hash(OpenProject::Configuration["openid_connect"]).deep_merge(from_settings)
Hash(OpenProject::Configuration[CONFIG_KEY]).deep_merge(from_settings)
end
module_function :configuration
end
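Review bot: The comment `# Settings override configuration.yml` above the `deep_merge(from_settings)` line is now incomplete. Per the README change in this commit the same key can also be supplied through environment variables, and as far as these lines show, those values are overridden by settings in the same way. Update the comment, and consider stating the precedence in the README, since an operator who defines a provider through environment variables may not expect a stored setting to win.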

@ -43,6 +43,12 @@ module OpenProject::OpenIDConnect
end
end
initializer "openid_connect.configure" do
::Settings::Definition.add(
OpenProject::OpenIDConnect::CONFIG_KEY, value: {}, writable: false
)
end
initializer 'openid_connect.form_post_method' do
# If response_mode 'form_post' is chosen,
# the IP sends a POST to the callback. Only if
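Review bot: The `Settings::Definition.add` call in the new `openid_connect.configure` initializer passes `writable: false` and a default of `{}` without a comment explaining either choice; one line saying why the definition is read-only would help. Style: this initializer name is double-quoted while `'openid_connect.form_post_method'` just below uses single quotes.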
