mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

adding notes about OIDCRemoteUserClaim to the oauth2 book chapter (#621)

Browse source
This commit is contained in:
James Hodgkinson 2021-11-30 10:34:54 +10:00 committed by GitHub
parent b7837f3aae
commit 615ddee75f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
kanidm_book/src/oauth2.md
View file

@ -182,10 +182,10 @@ To enable legacy cryptograhy (RSA PKCS1-5 SHA256):
### Apache mod\_auth\_openidc
Add the following to a mod\_auth\_openidc.conf. It should be included in a mods\_enabled folder
Add the following to a `mod_auth_openidc.conf`. It should be included in a `mods_enabled` folder
or with an appropriate include.
OIDCRedirectURI http://resource.example.com/protected/redirect_uri
OIDCRedirectURI /protected/redirect_uri
OIDCCryptoPassphrase <random password here>
OIDCProviderMetadataURL https://kanidm.example.com/oauth2/openid/<resource server name>/.well-known/openid-configuration
OIDCScope "openid"
@ -194,6 +194,9 @@ or with an appropriate include.
OIDCClientSecret <resource server password>
OIDCPKCEMethod S256
OIDCCookieSameSite On
# Set the `REMOTE_USER` field to the `preferred_username` instead of the UUID.
# Remember that the username can change, but this can help with systems like Nagios which use this as a display name.
# OIDCRemoteUserClaim preferred_username
Other scopes can be added as required to the `OIDCScope` line, eg: `OIDCScope "openid scope2 scope3"`