From ed342e562dd434f60d3ce7cf79058e54ef93981e Mon Sep 17 00:00:00 2001 From: phoenixbackups <162757831+phoenixbackups@users.noreply.github.com> Date: Mon, 18 Mar 2024 18:07:33 -0400 Subject: [PATCH] Create bookstack.md Add bookstack config example --- examples/bookstack.md | 60 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 examples/bookstack.md diff --git a/examples/bookstack.md b/examples/bookstack.md new file mode 100644 index 000000000..53bc4965c --- /dev/null +++ b/examples/bookstack.md 
@@ -0,0 +1,60 @@ +# Bookstack (non-docker version) + +## On Kanidm +### 1. Create the bookstack resource server +``` +kanidm system oauth2 create bookstack "Bookstack" https://yourbookstack.example.com +``` +### 2. Create the appropriate group(s) +``` +kanidm group create bookstack-users --name idm_admin +``` +### 3. Add the appropriate users to the group +``` +kanidm group add-members bookstack-users user.name +``` +### 4. Add the scopes: +``` +kanidm system ouath2 update-scope-map bookstack openid profile email keys +``` +### 5. Get the client secret: +``` +kanidm system oauth2 show-basic-secret bookstack +``` +Copy the value that is returned. + +### 6. Disable PKCE / Enable Legacy crypto +``` +kanidm system oauth2 warning-insecure-client-disable-pkce bookstack +kanidm system oauth2 warning-enable-legacy-crypto +``` +## On Bookstack server +### 1. Add the following to the .env file at the bottom +``` +#OIDC +AUTH_AUTO_INITIATE=false +OIDC_NAME=Kanidm +OIDC_DISPLAY_NAME_CLAIMS=openid +OIDC_CLIENT_ID=bookstack +OIDC_CLIENT_SECRET= +OIDC_ISSUER=https://idm.example.com:8443/oauth2/openid/bookstack +OIDC_END_SESSION_ENDPOINT=false +OIDC_ISSUER_DISCOVER=true +OIDC_DUMP_USER_DETAILS=false +OIDC_EXTERNAL_ID_CLAIM=openid +``` +### 2. Change the AUTH_METHOD to oidc in the .env file +``` +AUTH_METHOD=oidc +``` +### 3. Open the `app/Access/Oidc/OidcService.php` file with your favorite editor. +### 4. Go to line 214 and make the following changes: +``` + return [ + 'external_id' => $token->getClaim('sub'), + 'email' => $token->getClaim('email'), + 'name' => $token->getClaim('name'), + 'groups' => $this->getUserGroups($token), + ]; +``` +Open your bookstack URL and click the Signin with Kanidm button.
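Review bot: The BookStack `.env` block in this hunk sets `OIDC_DISPLAY_NAME_CLAIMS=openid` and `OIDC_EXTERNAL_ID_CLAIM=openid`, but `openid` is a scope name, not an ID token claim, so neither setting can match anything in the token; the later instruction to hand-edit `app/Access/Oidc/OidcService.php` at "line 214" to hard-code `$token->getClaim('sub')`, `getClaim('email')` and `getClaim('name')` only exists to paper over that, and a source patch pinned to a line number is both fragile and lost on the next BookStack upgrade. Suggest `OIDC_EXTERNAL_ID_CLAIM=sub` and `OIDC_DISPLAY_NAME_CLAIMS=name` (these are BookStack's documented defaults) and dropping "On Bookstack server" steps 3 and 4 entirely. Two smaller points on the Kanidm side: step 4 reads `kanidm system ouath2 update-scope-map bookstack openid profile email keys`, which has `ouath2` misspelled and omits the group argument that `update-scope-map` takes, so the `bookstack-users` group created in step 2 is never actually mapped to any scopes; it should read `kanidm system oauth2 update-scope-map bookstack bookstack-users openid profile email`, and `keys` is not a standard OIDC scope and should be removed unless there is a reason for it. In step 6, `kanidm system oauth2 warning-enable-legacy-crypto` is missing the `bookstack` client argument, and since both `warning-` commands deliberately weaken the client (no PKCE protection for the authorization code, RSA signing instead of the default ECDSA), the text should say which BookStack limitation makes them necessary rather than presenting them as a routine step; if the installed BookStack version supports PKCE, that line should not be there at all.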