clones/librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-09-21 18:38:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix formatting (#15616)

Browse Source
This commit is contained in:
Peter Childs 2023-12-05 08:24:57 +10:30 committed by GitHub
parent 21ccfa4096
commit fe144d605a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
doc/Extensions/OAuth-SAML.md
View File

@ -273,8 +273,8 @@ If it doesn't work, please double check your configuration values by using the `
### Default Role
Since most Socialite Providers don't provide Authorization only Authentication it is possible to set
the default User Role for Authorized users. Appropriate care should be taken.
Since most Socialite Providers don't provide Authorization only Authentication it is possible to set
the default User Role for Authorized users. Appropriate care should be taken.
- none: **No Access**: User has no access
@ -285,31 +285,31 @@ If it doesn't work, please double check your configuration values by using the `
- admin: **Administrator**: This is a global read/write admin account.
!!! setting "settings/auth/socialite"
```bash
lnms config:set auth.socialite.default_role global-read
```
!!! setting "settings/auth/socialite"
```bash
lnms config:set auth.socialite.default_role global-read
```
### Claims / Access Scopes
Socialite can specifiy scopes that should be included with in the authentication request.
(see https://laravel.com/docs/10.x/socialite#access-scopes )
Socialite can specifiy scopes that should be included with in the authentication request.
(see [Larvel docs](https://laravel.com/docs/10.x/socialite#access-scopes) )
For example, if Okta is configured to expose group information it is possible to use these group
names to configure User Roles.
For example, if Okta is configured to expose group information it is possible to use these group
names to configure User Roles.
First enable sending the 'groups' claim (along with the normal openid, profile, and email claims )
!!! setting "settings/auth/socialite"
```bash
lnms config:set auth.socialite.scopes.+ groups
```
First enable sending the 'groups' claim (along with the normal openid, profile, and email claims )
!!! setting "settings/auth/socialite"
```bash
lnms config:set auth.socialite.scopes.+ groups
```
Then setup mappings from the returned claim arrays to the User levels you want
!!! setting "settings/auth/socialite"
```bash
lnms config:set auth.socialite.claims.RETURN_FROM_CLAIM.roles '["admin"]'
lnms config:set auth.socialite.claims.OTHER_RETURN_FROM_CLAIM.roles '["global-read","cleaner"]'
```
Then setup mappings from the returned claim arrays to the User levels you want
!!! setting "settings/auth/socialite"
```bash
lnms config:set auth.socialite.claims.RETURN_FROM_CLAIM.roles '["admin"]'
lnms config:set auth.socialite.claims.OTHER_RETURN_FROM_CLAIM.roles '["global-read","cleaner"]'
```
## SAML2 Example