Merge remote-tracking branch 'origin/release/12.4' into dev

2 years ago · f21c1efb2a
parent 0e74bd30da 6d0de8857c
commit f21c1efb2a
3 changed files with 15 additions and 5 deletions
--- a/docs/installation-and-operations/misc/custom-openid-connect-providers/README.md
+++ b/docs/installation-and-operations/misc/custom-openid-connect-providers/README.md
@ -29,7 +29,8 @@ options = {
  "secret"=>"<secret>",
  "authorization_endpoint" => "/oauth2/v1/authorize",
  "token_endpoint" => "/oauth2/v1/token",
-  "userinfo_endpoint" => "/oauth2/v1/userinfo"
+  "userinfo_endpoint" => "/oauth2/v1/userinfo",
+  "end_session_endpoint" => "https://mypersonal.okta.com/oauth2/{authorizationServerId}/v1/logout"
 }
 ```

@ -261,6 +262,7 @@ OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET="<The client secret you copied from
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_AUTHORIZATION__ENDPOINT="/realms/REALM/protocol/openid-connect/auth"
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_TOKEN__ENDPOINT="/realms/REALM/protocol/openid-connect/token"
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_USERINFO__ENDPOINT="/realms/REALM/protocol/openid-connect/userinfo"
+OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT="http://<Hostname of the keycloak server>/realms/REALM/protocol/openid-connect/logout"
 # Optional, if you have created the client scope mapper as shown above
 # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN="preferred_username"
 ```
--- a/docs/system-admin-guide/authentication/two-factor-authentication/README.md
+++ b/docs/system-admin-guide/authentication/two-factor-authentication/README.md
@ -28,6 +28,14 @@ Usually with another device device like a mobile phone or a tablet, you are able
 - Google Authenticator
 - Microsoft Authenticator

+### Clock skew
+
+TOTP operates on the principal that the second factor and the server handling the authentication process are roughly in sync.
+By default, the allowed clock skew (difference in seconds between client and server) is 30 seconds, which means that the server will accept time shifts of 30 seconds in the past and future, respectively.
+
+If you are trying to register a new device and keep getting failures even though the code appears correct,
+time drift between the device and the server is most likely the reason for it.
+
 ## Advanced 2FA using MessageBird, Amazon SNS

 At the moment the advanced settings for improved security are only reachable on the by defining [configuration variables](https://www.openproject.org/docs/installation-and-operations/configuration/).
--- a/docs/system-admin-guide/integrations/nextcloud/README.md
+++ b/docs/system-admin-guide/integrations/nextcloud/README.md
@ -25,8 +25,6 @@ OpenProject offers close integration with Nextcloud to allow users to:
 - View all work packages linked to a file
 - View OpenProject notifications via the Nextcloud dashboard

-
-
 ## Minimum requirements

 Please note these minimum version requirements for the integration to work:
@ -35,12 +33,14 @@ Please note these minimum version requirements for the integration to work:
 - Nextcloud version 22 (or above)
 - The [OpenProject Integration](https://apps.nextcloud.com/apps/integration_openproject) app, version 2.0.0 (or above)

-
-
 ## Setting up the integration

 > **Important**: You need to have administrator privileges in both your Nextcloud and OpenProject instances to set up this integration.

+Watch this video to find out how to set up the Nextcloud integration as an Administrator and as a user.
+<video src="https://openproject-docs.s3.eu-central-1.amazonaws.com/videos/OpenProject-Nextcloud-Integration-Setup.mp4" type="video/mp4" controls="" style="width:100%"></video>
+
+
 #### 1. Add the "OpenProject Integration" app in Nextcloud and point it to your OpenProject instance

 Start by opening your Nextcloud instance as an administrator.