documentation:latest:applications:wekan [2019/06/25 21:58] (current)
paucur created
====== Wekan ======

{{ :applications:wekan-logo.png?nolink |}}

===== Presentation =====

Wekan is an open-source Kanban board, similar to Trello.

See [[https://wekan.github.io/|the official Wekan website]] for a complete presentation.

It has an OAuth2 login feature that works with LemonLDAP::NG.

===== Configuring Wekan =====

Wekan is mostly configured through environment variables; set the following:

    * **OAUTH2_ENABLED**: ''TRUE''
    * **OAUTH2_CLIENT_ID**: ''ClientID''
    * **OAUTH2_SECRET**: ''Secret''
    * **OAUTH2_SERVER_URL**: ''https://auth.example.com/''
    * **OAUTH2_AUTH_ENDPOINT**: ''oauth2/authorize''
    * **OAUTH2_USERINFO_ENDPOINT**: ''oauth2/userinfo''
    * **OAUTH2_TOKEN_ENDPOINT**: ''oauth2/token''
    * **OAUTH2_ID_MAP**: ''sub''

<note warning>
Mind the slashes: Wekan builds each endpoint URL by concatenating OAUTH2_SERVER_URL and the endpoint value, so exactly one of the two must supply the slash at the boundary. Use either ''https://auth.example.com/'' with ''oauth2/xxx'', or ''https://auth.example.com'' with ''/oauth2/xxx''. A trailing slash combined with a leading slash gives ''https://auth.example.com//oauth2/xxx'', and omitting both gives ''https://auth.example.comoauth2/xxx''; neither is a valid endpoint.
</note>

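To make the slash rule from the note above checkable before restarting Wekan, here is an added POSIX shell snippet (not part of Wekan or LemonLDAP::NG) that joins OAUTH2_SERVER_URL with each endpoint the way Wekan's configuration implies and flags the two invalid combinations. The function names and the sample values are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not Wekan or LemonLDAP::NG code: validate the OAUTH2_SERVER_URL /
# endpoint slash rule before starting Wekan. Function names are this example's own.

# join_url SERVER ENDPOINT: print the URL Wekan ends up with (plain concatenation,
# as implied by the warning about slashes in the page).
join_url() {
    printf '%s%s\n' "$1" "$2"
}

# join_ok SERVER ENDPOINT: succeed only if exactly one side supplies the boundary
# slash, i.e. "host/" + "oauth2/x" or "host" + "/oauth2/x".
join_ok() {
    case $1 in
        http://*|https://*) ;;
        *) return 1 ;;          # the server URL must carry a scheme
    esac
    case $1 in */) s=1 ;; *) s=0 ;; esac
    case $2 in /*) e=1 ;; *) e=0 ;; esac
    [ $((s + e)) -eq 1 ]
}

# check_config SERVER ENDPOINT...: report each joined URL; fail if any is invalid.
check_config() {
    server=$1; shift
    status=0
    for ep in "$@"; do
        full=$(join_url "$server" "$ep")
        if join_ok "$server" "$ep"; then
            echo "ok       $full"
        else
            echo "INVALID  $full" >&2
            status=1
        fi
    done
    return "$status"
}

# Values from the page: valid because only the server URL ends with a slash.
check_config https://auth.example.com/ oauth2/authorize oauth2/userinfo oauth2/token

# Mixed form: both sides carry the slash, giving https://auth.example.com//oauth2/...
check_config https://auth.example.com/ /oauth2/authorize /oauth2/userinfo /oauth2/token \
    || echo "fix OAUTH2_SERVER_URL or the OAUTH2_*_ENDPOINT values" >&2
```

Run it with the same values you put in Wekan's environment (for example ''check_config "$OAUTH2_SERVER_URL" "$OAUTH2_AUTH_ENDPOINT" "$OAUTH2_USERINFO_ENDPOINT" "$OAUTH2_TOKEN_ENDPOINT"''); a non-zero exit status means at least one endpoint would be built with a doubled or missing slash.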
==== Configuring LemonLDAP ====

We now have to configure LemonLDAP::NG to recognize Wekan as a valid OAuth2 relying party and to send it the claims it needs to identify a user.

Add a [[ ../idpopenidconnect | new OpenID Connect relying party ]] with the following parameters:

    * **Client ID**: the same value you set in the Wekan configuration (OAUTH2_CLIENT_ID)
    * **Client Secret**: the same value you set in the Wekan configuration (OAUTH2_SECRET)
    * Add the following exported attributes:
        * ''name'': the session attribute containing the user's full name
        * ''email'': the session attribute containing the user's email, or the ''_singleMail'' macro described below

=== _singleMail Macro ===

<note warning>
OIDC login fails when a user has a multi-valued email attribute. This needs to be fixed on Wekan's side; until then, work around it by having LemonLDAP::NG send only one address.
</note>

Create a new macro (''_singleMail'' is an example name) containing ''(split(/; /, $mail))[0]''. LemonLDAP::NG joins multiple values of an attribute with ''; '', so the split yields one address per element and index ''[0]'' picks the first one. Perl list indexes start at 0: ''[1]'' would return the second address, and nothing at all for a user with a single address, which would break login for exactly the users who were not affected by the bug.