move to oauth login [skip ci]

Sebastian Hugentobler 2022-03-14 10:02:16 +01:00
parent a28393fde1
commit ed3c1ff7c1
Signed by: shu
GPG Key ID: BB32CF3CA052C2F0
3 changed files with 35 additions and 21 deletions


@ -1,4 +1,4 @@
[Roundcube](https://roundcube.net/) webmail interface with postgres backend. [Roundcube](https://roundcube.net/) webmail interface with postgres backend and oauth login.
# Environment Variables # Environment Variables
## DOMAINS ## DOMAINS
@ -39,29 +39,30 @@ Secret key for session secrets.
Encryption algorithm for session secrets. Encryption algorithm for session secrets.
## CARDDAV_PRESETS ## OAUTH_PROVIDER_NAME
Configured preset addressbooks are created for a user as they log in. Name of the oauth provider on the roundcube login page.
For example: ## OAUTH_CLIENT_ID
```$prefs['Personal'] = array( Client id for oauth login.
// required attributes
'name' => 'Personal',
// will be substituted for the roundcube username
'username' => '%u',
// will be substituted for the roundcube password
'password' => '%p',
// %u will be substituted for the CardDAV username
'url' => 'https://my.nextcloud.org/remote.php/dav/addressbooks/users/%u/contacts/',
'active' => true, ## OAUTH_CLIENT_SECRET
'readonly' => false, Client secret for oauth login.
'refresh_time' => '02:00:00',
'fixed' => array( 'username' ), ## OAUTH_AUTH_URI
'hide' => false, Auth uri for oauth login.
);
Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/auth`
## OAUTH_TOKEN_URI
Token uri for oauth login.
Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/token`
## OAUTH_IDENTITY_URI
Userinfo uri for oauth login.
Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/userinfo`
```
# Ports # Ports
- 80 - 80


@ -39,3 +39,15 @@ $config['plugins'] = array('archive', 'managesieve', 'zipdownload');
$config['spellcheck_engine'] = 'pspell'; $config['spellcheck_engine'] = 'pspell';
$config['default_charset'] = 'UTF-8'; $config['default_charset'] = 'UTF-8';
$config['oauth_provider'] = 'generic';
$config['oauth_provider_name'] = '{{getenv "OAUTH_PROVIDER_NAME"}}';
$config['oauth_client_id'] = '{{getenv "OAUTH_CLIENT_ID"}}';
$config['oauth_client_secret'] = '{{getenv "OAUTH_CLIENT_SECRET"}}';
$config['oauth_auth_uri'] = '{{getenv "OAUTH_AUTH_URI"}}';
$config['oauth_token_uri'] = '{{getenv "OAUTH_TOKEN_URI"}}';
$config['oauth_identity_uri'] = '{{getenv "OAUTH_IDENTITY_URI"}}';
$config['oauth_scope'] = 'email profile openid';
$config['oauth_auth_parameters'] = [];
$config['oauth_identity_fields'] = ['preferred_username'];
$config['oauth_login_redirect'] = true;
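Review bot: `$config['oauth_identity_fields'] = ['preferred_username'];` makes the `preferred_username` claim the only source of the mail login name, and OpenID Connect does not guarantee that claim to be unique or stable. If the provider lets users edit their username, the mapping from an authenticated account to a mailbox rests on how the IMAP/SMTP backend checks the token against that name, which is not visible in this hunk. I would record the requirement next to the setting, for example `// preferred_username becomes the mail login name: it must be unique and not user-editable at the provider`, and repeat it in the README's OAuth section.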


@ -48,6 +48,7 @@ http {
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on; fastcgi_param HTTPS on;
fastcgi_param SERVER_PORT 443;
fastcgi_read_timeout 300; fastcgi_read_timeout 300;
fastcgi_pass php; fastcgi_pass php;
} }
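Review bot: `fastcgi_param SERVER_PORT 443;` joins the existing `fastcgi_param HTTPS on;` in telling PHP that every request arrived over TLS on port 443, whatever the listener actually received. That is presumably meant for a TLS-terminating proxy in front of the container, so that generated URLs such as the OAuth redirect come out as https. But the README lists port 80 under Ports, and a client reaching that port directly would be treated as secure while the session cookie and authorization code travel in cleartext. A comment above the two lines would make the assumption explicit, e.g. `# TLS is terminated upstream; this listener must only be reachable through that proxy`. The enclosing location block starts above the hunk, so whether an included fastcgi_params file also sets SERVER_PORT cannot be checked from here.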