Support Generic OAuth/OIDC Login #934

Closed
opened 2026-02-04 23:02:00 +03:00 by OVERLORD · 31 comments

Originally created by @icaceresreply on GitHub (Dec 3, 2018).

**Describe the feature you'd like**
The users from Identity Server could log in using OAuth.

OVERLORD added the 🔨 Feature Request, 🚪 Authentication labels 2026-02-04 23:02:00 +03:00

@lommes commented on GitHub (Dec 5, 2018):

IdentityServer is a little different from the other providers we are currently using, since it is not a hosted service.

Is there an app which includes IdentityServer and is easy to set up/build and we can use for testing?

@durnerj commented on GitHub (Apr 29, 2019):

I also would like to use my Keycloak as an IdP for Bookstack.
Keycloak is easy to setup with Docker & Docker-Compose.

IdentityServer looks like a pure OpenID Server - Keycloak also supports OpenID and Oauth2 (which is a subset of OpenID)

Maybe Generic Oauth2 Login would be a good start.

@Usama-A commented on GitHub (May 17, 2019):

Generic Oauth2 Login +1

@derfabianpeter commented on GitHub (May 26, 2019):

2nd that. A generic OAuth Provider would be very helpful in integrating BookStack with Keycloak or Nextcloud.

@Ryonez commented on GitHub (Jun 16, 2019):

3rd that.

While I'm using keycloak with LDAP, I'd rather switch it to oauth, which I use with almost every other service.

@FrouxBY commented on GitHub (Jul 10, 2019):

As Bookstack uses Laravel Socialite for managing Oauth and Oauth Providers, I think the best solution is to check there https://github.com/SocialiteProviders/Providers if the provider exists and add it if wanted (seems a few lines if the oauth api is known), then it can be easily added to bookstack.
Keycloak is not in the official repo, but I found this one,
https://github.com/avdevs/keycloak
I haven't tested it though.

@ssddanbrown commented on GitHub (Jul 10, 2019):

Just as a note to the above, I am becoming more strict about what Oauth providers are added to BookStack & instead looking to support more generic protocols instead. Have recently had a dig into SAML & OpenID but found it difficult to fully understand the core processes used by most systems in addition to the variance that would need to be supported.

@PotyPot commented on GitHub (Aug 6, 2019):

For me too, we use Keycloak with oauth on every system.
It would be great if this feature would be available. +1

@Xiphoseer commented on GitHub (Aug 7, 2019):

I implemented an MVP for SAML support in #1576

@ssddanbrown commented on GitHub (Aug 14, 2019):

I've updated the title to make this less about "Identity Server" and more about adding generic OIDC/OAuth support since that has wider benefits and is more likely something I'd look to implement.

@jpontius commented on GitHub (Sep 10, 2019):

+1
We use Keycloak and would like to be able to use it here.

@indiealexh commented on GitHub (Jan 22, 2020):

Also use Keycloak, and would very much appreciate support here.

@col-panic commented on GitHub (Feb 13, 2020):

Keycloak should be usable via the SAML2 client available with 0.28.0!

@Xiphoseer commented on GitHub (Feb 13, 2020):

I can confirm that it's possible to use keycloak via the SAML integration, we have that setup for our Bookstack instance.

@col-panic commented on GitHub (Feb 13, 2020):

@Xiphoseer could you please share your configuration settings, both on keycloak and bookstack site? That would be really helpful, currently working on setting this up!

@Xiphoseer commented on GitHub (Feb 13, 2020):

@col-panic I'm not on the team that set this up, but I have sent a link to your question to someone who is.

@col-panic commented on GitHub (Feb 13, 2020):

Thanks a lot @Xiphoseer - I've already come quite far. It seems however, that migrating away from LDAP my existing users won't be accepted. I can log in, but it simply throws me back to the login page ...

@Xiphoseer commented on GitHub (Feb 13, 2020):

@col-panic that sounds like the key (external auth id) that Bookstack uses to match users is set to a different field.

You could check whether one of them uses a numeric UID while the other had a username and change the SAML config to match the LDAP one. As long as keycloak exposes the attribute, you can set which one to use in the Bookstack config iirc.

@hugocortes commented on GitHub (Feb 13, 2020):

here is the configuration I used to enable keycloak saml with bookstack:

```yaml
AUTH_METHOD: saml2
SAML2_NAME: keycloak
SAML2_EMAIL_ATTRIBUTE: urn:oid:1.2.840.113549.1.9.1
SAML2_EXTERNAL_ID_ATTRIBUTE: sub # not sure if this is correct, keycloak may be overriding with force name id format set to ON
SAML2_DISPLAY_NAME_ATTRIBUTES: urn:oid:2.5.4.42|urn:oid:2.5.4.4
SAML2_IDP_ENTITYID: <keycloak host>/auth/realms/<keycloak realm>/protocol/saml/descriptor
SAML2_AUTOLOAD_METADATA: true
```

I found the attribute ids by using `SAML2_DUMP_USER_DETAILS=true` in the env in case you would like to verify your settings are correct.

as for my keycloak client here is my configuration (I'm new to saml clients so there may be options that are not required as I'm basing the configuration off of several guides)

```
* client id: <bookstack_app_url>/saml2/metadata
* Include AuthnStatement: on
* include ontimeuse condition: off
* sign documents: on
* optimize redirect signing key lookup: off
* sign assertions: on
* signature algorithm: RSA_SHA256
* saml signature key name: CERT_SUBJECT
* canonicalization method: EXCLUSIVE
* encrypt assertions: off
* client signature required: off
* force post binding: off
* front channel logout: off
* force name id format: on
* name id format: username
* root url: <app_url>/saml2/acs
* valid redirect url: <app_url>/saml2/acs
* base url: empty
* master saml processing url: empty
* idp initiated sso url name: bookstack
* idp initiated sso relay state: <app_url>/saml2/acs

fine grain saml endpoint configuration
* assertion consumer service post binding url: empty
* asserting consumer service redirect binding url: <app_url>/saml2/acs
* logout service post binding url: empty
* logout service redirect binding url: empty
```

@col-panic commented on GitHub (Feb 13, 2020):

@hugocortes @Xiphoseer thank you very much guys!!!

My inclusion of the client configuration can be seen here https://github.com/elexis/elexis-environment/blob/master/docker/ee-util/assets/stage_ee_start_setup/keycloak/bookstack-saml.json with the clientId set as shown above!

@mrmason commented on GitHub (Sep 16, 2020):

+1 for generic oauth here - we host our own oauth and would like to use it for bookstack.

@Atn-D commented on GitHub (Apr 24, 2021):

Hello, do you have a guide to use keycloak SAML2 with Bookstack please?

@Ryonez commented on GitHub (Apr 24, 2021):

> Hello, do you have a guide to use keycloak SAML2 with Bookstack please?

Looks a few replies up. Someone showed how they've configured things.

@Atn-D commented on GitHub (Apr 24, 2021):

~~@Ryonez thank you for your answer.~~

~~Yes, I had read and tried to reproduce, but it does not work for me :/~~

~~I must have missed something, I'll look further.~~

Problem solved! 🎉
On the Keycloak side, I had not configured "Mappers" to have the right "email" and "name" values…

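
As an added example (not BookStack's or Keycloak's code), here is a small Python model of how the `SAML2_*` settings in @hugocortes's configuration above turn the attributes the IdP sends into the user record the application needs, and what happens when the Keycloak "Mappers" @Atn-D mentions are missing or when, as in @col-panic's LDAP migration, the external id no longer matches. The attribute handling (first value of each multi-valued attribute, `|`-separated display-name attributes joined with a space, NameID used when `SAML2_EXTERNAL_ID_ATTRIBUTE` is empty, existing users matched on external id rather than email) is this example's assumed reading of those options; the env values, user table and attribute dumps are constructed.

```python
"""Model of how SAML2_* env settings map IdP attributes onto a user record.

Added example, not BookStack's code. Assumed semantics: SAML2_EMAIL_ATTRIBUTE names
one attribute; SAML2_DISPLAY_NAME_ATTRIBUTES is a '|'-separated list whose values
are joined with spaces; an empty SAML2_EXTERNAL_ID_ATTRIBUTE means the NameID is
the external id; existing users are matched on that external id, not on email.
"""
from dataclasses import dataclass

# Constructed env settings mirroring the thread's configuration.
ENV = {
    "SAML2_EMAIL_ATTRIBUTE": "urn:oid:1.2.840.113549.1.9.1",
    "SAML2_DISPLAY_NAME_ATTRIBUTES": "urn:oid:2.5.4.42|urn:oid:2.5.4.4",
    "SAML2_EXTERNAL_ID_ATTRIBUTE": "",  # empty: fall back to the NameID
}

# Constructed user table as an LDAP setup might have left it: external ids are usernames.
EXISTING_USERS = {"alice": {"email": "alice@example.org"}}

# Constructed attribute dumps (the kind of output SAML2_DUMP_USER_DETAILS=true shows).
WITH_MAPPERS = {
    "urn:oid:1.2.840.113549.1.9.1": ["alice@example.org"],
    "urn:oid:2.5.4.42": ["Alice"],   # givenName
    "urn:oid:2.5.4.4": ["Example"],  # sn
}
WITHOUT_MAPPERS = {"Role": ["user"]}  # no mappers: only a role attribute arrives


class MissingAttribute(Exception):
    """The IdP did not send something the mapping requires."""


@dataclass
class ResolvedUser:
    external_id: str
    email: str
    display_name: str
    matched_existing: bool


def first_value(attributes, name):
    """SAML attributes are multi-valued; use the first value when present."""
    values = attributes.get(name) or []
    return values[0] if values else None


def resolve_user(env, name_id, attributes):
    """Apply the env mapping to one assertion's NameID and attribute set."""
    ext_attr = env.get("SAML2_EXTERNAL_ID_ATTRIBUTE", "")
    external_id = first_value(attributes, ext_attr) if ext_attr else name_id
    if not external_id:
        raise MissingAttribute("no external id: NameID empty and no attribute configured")

    email = first_value(attributes, env["SAML2_EMAIL_ATTRIBUTE"])
    if not email:
        raise MissingAttribute(
            f"email attribute {env['SAML2_EMAIL_ATTRIBUTE']!r} was not sent; "
            "add a mapper for it on the Keycloak client")

    parts = [first_value(attributes, a.strip())
             for a in env["SAML2_DISPLAY_NAME_ATTRIBUTES"].split("|")]
    display_name = " ".join(p for p in parts if p) or email

    # Match on external id only: a numeric UID from the IdP will not find a user
    # whose external id was stored as a username by LDAP, even if the email is the same.
    matched = external_id in EXISTING_USERS
    return ResolvedUser(external_id, email, display_name, matched)


def check_mapping(env, name_id, attributes):
    """Return ('ok', user) or ('error', reason) so a config can be checked without exceptions."""
    try:
        return "ok", resolve_user(env, name_id, attributes)
    except MissingAttribute as exc:
        return "error", str(exc)


if __name__ == "__main__":
    print(check_mapping(ENV, "alice", WITH_MAPPERS))
    print(check_mapping(ENV, "alice", WITHOUT_MAPPERS))
    print(check_mapping(ENV, "10042", WITH_MAPPERS))  # numeric UID vs. stored username
```

Pasting a real `SAML2_DUMP_USER_DETAILS=true` dump in place of the constructed dictionaries shows which attribute the IdP is not sending before any change is made on the Keycloak client; the third call illustrates why a login can succeed at the IdP yet not attach to the existing account when the external id format changed.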

@intelligentops commented on GitHub (May 11, 2021):

* logout service redirect binding url: <bookstack_app_url>/saml2/sls

@ssddanbrown commented on GitHub (Oct 16, 2021):

OIDC support has now been merged into the master dev branch, via PRs #2169 and #2960, to be part of the next feature release.
This will provide an initial core implementation that also supports a base level of auto-discovery. Further features, where deemed required, can be requested separately. Therefore I will close off this issue.

Thanks @icaceresreply for your original request and thanks everyone else for providing input.

@ghost commented on GitHub (Nov 19, 2021):

Not quite able to get it going with the posted config. Will debug and post some information later.

@serega404 commented on GitHub (Nov 21, 2021):

My configuration for keycloak

BookStack **.env** file

```
AUTH_METHOD=oidc
OIDC_NAME='SSO auth'
OIDC_DISPLAY_NAME_CLAIMS=name
OIDC_CLIENT_ID=bookstack
OIDC_CLIENT_SECRET=<Secret from Credentials>
OIDC_ISSUER=https://<keycloak domain>/auth/realms/<Realm>
OIDC_ISSUER_DISCOVER=true
```

keycloak config for client:

```
Client Protocol -> openid-connect
Access Type -> confidential
Valid Redirect URIs -> https://<bookstack domain>/oidc/callback
```
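
What `OIDC_ISSUER_DISCOVER=true` involves, as an added Python example that is not BookStack's or Keycloak's code: the client derives the discovery URL from `OIDC_ISSUER`, checks the returned document before trusting its endpoints, builds the authorization request that sends the browser to Keycloak, and, on the provider side, a callback is accepted only when it exactly matches a registered Valid Redirect URI. The discovery document is constructed to resemble a Keycloak realm's, the RS256 requirement is an assumption of this example, and the function names are its own.

```python
"""Added example, not BookStack's or Keycloak's code: the client side of OIDC
issuer discovery and the authorization-code request it enables, with the checks a
client should make before trusting what discovery returned."""
import json
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed values standing in for the placeholders in the .env above.
ENV = {
    "OIDC_CLIENT_ID": "bookstack",
    "OIDC_ISSUER": "https://keycloak.example.org/auth/realms/demo",
    "OIDC_ISSUER_DISCOVER": "true",
}
CALLBACK = "https://bookstack.example.org/oidc/callback"

# Constructed discovery document shaped like a Keycloak realm's, trimmed to the fields used.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://keycloak.example.org/auth/realms/demo",
    "authorization_endpoint": "https://keycloak.example.org/auth/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.org/auth/realms/demo/protocol/openid-connect/token",
    "jwks_uri": "https://keycloak.example.org/auth/realms/demo/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
})


class DiscoveryError(Exception):
    """Raised when the discovery document must not be trusted."""


def discovery_url(issuer):
    """Where a discovering client fetches provider metadata from."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def validate_discovery(configured_issuer, raw_json):
    """Parse the discovery document and reject anything inconsistent with the config."""
    doc = json.loads(raw_json)
    # The document's issuer must equal the configured one exactly; a different
    # value means the client is not talking to the provider it was set up for.
    if doc.get("issuer") != configured_issuer:
        raise DiscoveryError(
            f"issuer mismatch: expected {configured_issuer!r}, got {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            raise DiscoveryError(f"discovery document lacks {key}")
        if urlsplit(url).scheme != "https":
            raise DiscoveryError(f"{key} is not https: {url}")
    if "code" not in doc.get("response_types_supported", []):
        raise DiscoveryError("provider does not support the authorization code flow")
    # Assumption of this example: only RS256-signed ID tokens are accepted.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        raise DiscoveryError("provider cannot sign ID tokens with RS256")
    return doc


def build_authorization_request(doc, env, redirect_uri):
    """Authorization code request; state and nonce are fresh per login and kept in the session."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": env["OIDC_CLIENT_ID"],
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    return doc["authorization_endpoint"] + "?" + urlencode(params), state, nonce


def redirect_allowed(registered, requested):
    """Provider-side check modelled on Keycloak's Valid Redirect URIs: exact match only."""
    return requested in registered


if __name__ == "__main__":
    metadata = validate_discovery(ENV["OIDC_ISSUER"], DISCOVERY_JSON)
    auth_url, _state, _nonce = build_authorization_request(metadata, ENV, CALLBACK)
    print(discovery_url(ENV["OIDC_ISSUER"]))
    print(auth_url)
    print("callback registered:", redirect_allowed({CALLBACK}, CALLBACK))
```

The issuer comparison is exact on purpose: a discovery document whose `issuer` differs from `OIDC_ISSUER`, even by a trailing slash or a different realm path, is the signal that the configured issuer and the server answering for it are not the same thing, which is also why Keycloak's realm URL must be entered exactly as the realm reports it.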

@mv-yurchenko commented on GitHub (Jul 11, 2022):

@serega404 hi, how did u pass groups/admin privileges from KK to Bookstack?

@serega404 commented on GitHub (Jul 11, 2022):

> @serega404 hi, how did u pass groups/admin privileges from KK to Bookstack?

Hi, I didn't configure it. Administrator rights were granted manually

@ssddanbrown commented on GitHub (Jul 11, 2022):

@mv-yurchenko OIDC does not yet support any kind of group/role sync.

I'd invite detailed feedback regarding this in https://github.com/BookStackApp/BookStack/issues/3004.
