plankanban / planka

The realtime kanban board for workgroups built with React and Redux.
https://planka.app
GNU Affero General Public License v3.0

Feature Request: Header or env variable based authentication #200

Open Forceu opened 2 years ago

Forceu commented 2 years ago

It would be amazing if Planka supported either headers or env variables for authentication.

The use case would be SSO software running on the reverse proxy, in my case Authelia with Nginx. I can configure Nginx to set a header or env variable containing the username and one containing the user role. So if Planka checks the header and a user with that username exists, a new session is created.

It would be even better if a new user would automatically be created if the username cannot be found, but that use case would not be super important for me. I already looked through the code, but unfortunately I was not able to implement the feature myself.

Thanks!

lorenz commented 2 years ago

I have started working on OIDC integration in https://github.com/plankanban/planka/pull/203, would this also work for you?

max-tet commented 2 years ago

I also would love to have a proxy auth feature and OIDC would not work for me.

I am running Planka behind a Traefik reverse proxy which handles all my authentication needs and can set headers on the requests it passes on. The perfect proxy auth feature for me would work like this:

  1. Start Planka with additional environment variables:
    • containing the name of the initial admin user (e.g. admin=admin_user)
    • enabling proxy auth (e.g. proxy_auth=true)
    • setting the key of the HTTP header that contains the username (e.g. auth_header=X-Authenticated-User)
  2. Configure the reverse proxy to authenticate incoming requests in any way you like.
  3. Let the reverse proxy set X-Authenticated-User to the authenticated username on every request.
  4. Planka treats the requests as if they belong to the appropriate user session.
  5. Bonus: if Planka does not know the username, it creates a new user with that name.

That way, user management could be mostly delegated to the reverse proxy, which is extremely helpful if you have multiple apps behind the same proxy and want to take care of user management only once.

Edit: BTW, I am using Planka for this product. Since this is a single-user platform, users really should see no login screen at all, not even for SSO.

Thanks a lot!
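
A sketch of the check the workflow above depends on, as an added example that is not part of the original comment or of Planka's code: the username header is honoured only when the connection comes from the reverse proxy's own address. The config keys (modelled on the names proposed above), `trustedProxies`, the username pattern and the in-memory user map are assumptions for illustration.

```javascript
// Added example. Settings mirror the names proposed in the comment above;
// trustedProxies and the username pattern are assumptions.
const config = {
  proxyAuth: true,                     // proxy_auth=true
  authHeader: 'x-authenticated-user',  // Node lowercases incoming header names
  trustedProxies: ['10.0.0.2'],        // constructed address of the reverse proxy
  autoCreate: true,                    // step 5, the "bonus"
};
const USERNAME_RE = /^[A-Za-z0-9._-]{1,64}$/;

// Strip the IPv4-mapped IPv6 prefix (::ffff:10.0.0.2 -> 10.0.0.2).
function peerAddress(req) {
  const addr = (req.socket && req.socket.remoteAddress) || '';
  return addr.startsWith('::ffff:') ? addr.slice(7) : addr;
}

// Returns a user record, or null when the normal login flow must be used.
function resolveProxyUser(req, users, cfg = config) {
  if (!cfg.proxyAuth) return null;
  // Only the proxy's own connection may assert an identity; a client that
  // reaches the app directly can put anything in the header.
  if (!cfg.trustedProxies.includes(peerAddress(req))) return null;
  const value = req.headers[cfg.authHeader];
  // Node joins repeated headers with ", ", so the pattern also rejects
  // a request carrying the header twice.
  if (typeof value !== 'string' || !USERNAME_RE.test(value)) return null;
  let user = users.get(value);
  if (!user && cfg.autoCreate) {
    user = { username: value, isAdmin: false }; // new users never start as admin
    users.set(value, user);
  }
  return user || null;
}

// Constructed sample data: one known admin and three requests.
const sampleUsers = new Map([['admin_user', { username: 'admin_user', isAdmin: true }]]);
const fromProxy = { socket: { remoteAddress: '::ffff:10.0.0.2' },
                    headers: { 'x-authenticated-user': 'admin_user' } };
const direct = { socket: { remoteAddress: '203.0.113.7' },
                 headers: { 'x-authenticated-user': 'admin_user' } };
const doubled = { socket: { remoteAddress: '10.0.0.2' },
                  headers: { 'x-authenticated-user': 'alice, admin_user' } };

console.log(resolveProxyUser(fromProxy, sampleUsers)); // known user via the proxy
console.log(resolveProxyUser(direct, sampleUsers));    // header ignored
console.log(resolveProxyUser(doubled, sampleUsers));   // header ignored
```

In a deployment the application port should also be reachable only from the proxy, so the address check is a second layer rather than the only one.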

Forceu commented 2 years ago

Yes, I have a similar setup and although OIDC would already make it easier, header authentication would be even better! If I can help in any way let me know!

prologic commented 11 months ago

I'd also like proxy auth via HTTP trusted header/proxies as well. I'd love to put Authelia in front of this 👌

saadqaz1 commented 4 months ago

I'd also like proxy auth via HTTP trusted header/proxies as well. I'd love to put Authelia in front of this 👌

I'm using Traefik and Authelia as an OIDC provider for Planka and SSO works great, but for some reason the 'OIDC_ROLES_ATTRIBUTE' config doesn't seem to work for me when I try setting it to '=admin' then creating an LLDAP group called 'admin' and adding the user.

The user just has read-only access, so I have to add that user to each project/board via the default admin.

oomenit commented 1 month ago

I'd also like proxy auth via HTTP trusted header/proxies as well. I'd love to put Authelia in front of this 👌

I'm using Traefik and Authelia as an OIDC provider for Planka and SSO works great, but for some reason the 'OIDC_ROLES_ATTRIBUTE' config doesn't seem to work for me when I try setting it to '=admin' then creating an LLDAP group called 'admin' and adding the user.

The user just has read-only access, so I have to add that user to each project/board via the default admin.

Could you comment on how you got Authelia working? I have followed the OIDC guide, but Planka keeps giving me an 'unknown' error with no logging at all when trying to log in with SSO.

My Authelia config:

and my docker-compose for Planka:

  - OIDC_ISSUER=URL AUTHEILIA
  - OIDC_CLIENT_ID=authelia-planka
  - OIDC_CLIENT_SECRET={KEY}
  - OIDC_SCOPES=openid email profile
  - OIDC_EMAIL_ATTRIBUTE=email
  - OIDC_NAME_ATTRIBUTE=name
  - OIDC_USERNAME_ATTRIBUTE=preferred_username
  - OIDC_ROLES_ATTRIBUTE=groups
  - OIDC_ENFORCED=false

But I keep getting:

image