mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 18:38:25 +00:00
fix formatting (#15616)
This commit is contained in:
parent
21ccfa4096
commit
fe144d605a
@ -273,8 +273,8 @@ If it doesn't work, please double check your configuration values by using the `
|
||||
|
||||
### Default Role
|
||||
|
||||
Since most Socialite Providers don't provide Authorization only Authentication it is possible to set
|
||||
the default User Role for Authorized users. Appropriate care should be taken.
|
||||
Since most Socialite Providers don't provide Authorization only Authentication it is possible to set
|
||||
the default User Role for Authorized users. Appropriate care should be taken.
|
||||
|
||||
- none: **No Access**: User has no access
|
||||
|
||||
@ -285,31 +285,31 @@ If it doesn't work, please double check your configuration values by using the `
|
||||
|
||||
- admin: **Administrator**: This is a global read/write admin account.
|
||||
|
||||
!!! setting "settings/auth/socialite"
|
||||
```bash
|
||||
lnms config:set auth.socialite.default_role global-read
|
||||
```
|
||||
!!! setting "settings/auth/socialite"
|
||||
```bash
|
||||
lnms config:set auth.socialite.default_role global-read
|
||||
```
|
||||
|
||||
### Claims / Access Scopes
|
||||
|
||||
Socialite can specifiy scopes that should be included with in the authentication request.
|
||||
(see https://laravel.com/docs/10.x/socialite#access-scopes )
|
||||
Socialite can specifiy scopes that should be included with in the authentication request.
|
||||
(see [Larvel docs](https://laravel.com/docs/10.x/socialite#access-scopes) )
|
||||
|
||||
For example, if Okta is configured to expose group information it is possible to use these group
|
||||
names to configure User Roles.
|
||||
For example, if Okta is configured to expose group information it is possible to use these group
|
||||
names to configure User Roles.
|
||||
|
||||
First enable sending the 'groups' claim (along with the normal openid, profile, and email claims )
|
||||
!!! setting "settings/auth/socialite"
|
||||
```bash
|
||||
lnms config:set auth.socialite.scopes.+ groups
|
||||
```
|
||||
First enable sending the 'groups' claim (along with the normal openid, profile, and email claims )
|
||||
!!! setting "settings/auth/socialite"
|
||||
```bash
|
||||
lnms config:set auth.socialite.scopes.+ groups
|
||||
```
|
||||
|
||||
Then setup mappings from the returned claim arrays to the User levels you want
|
||||
!!! setting "settings/auth/socialite"
|
||||
```bash
|
||||
lnms config:set auth.socialite.claims.RETURN_FROM_CLAIM.roles '["admin"]'
|
||||
lnms config:set auth.socialite.claims.OTHER_RETURN_FROM_CLAIM.roles '["global-read","cleaner"]'
|
||||
```
|
||||
Then setup mappings from the returned claim arrays to the User levels you want
|
||||
!!! setting "settings/auth/socialite"
|
||||
```bash
|
||||
lnms config:set auth.socialite.claims.RETURN_FROM_CLAIM.roles '["admin"]'
|
||||
lnms config:set auth.socialite.claims.OTHER_RETURN_FROM_CLAIM.roles '["global-read","cleaner"]'
|
||||
```
|
||||
|
||||
|
||||
## SAML2 Example
|
||||
|
Loading…
Reference in New Issue
Block a user