Open Forceu opened 2 years ago
I have started working on OIDC integration in https://github.com/plankanban/planka/pull/203. Would this also work for you?
I also would love to have a proxy auth feature and OIDC would not work for me.
I am running Planka behind a Traefik reverse proxy which handles all my authentication needs and can set headers on the requests it passes on. The perfect proxy auth feature for me would work like this:
admin=admin_user
)proxy_auth=true
)auth_header=X-Authenticated-User
)X-Authenticated-User
to the authenticated username on every request. That way, user management could be mostly delegated to the reverse proxy, which is extremely helpful if you have multiple apps behind the same proxy and want to take care of user management only once.
Edit: BTW, I am using Planka for this product. Since this is a single-user platform, users really should see no login screen at all, not even for SSO.
Thanks a lot!
Yes, I have a similar setup and although OIDC would already make it easier, header authentication would be even better! If I can help in any way let me know!
I'd also like proxy auth via HTTP trusted header/proxies as well. I'd love to put Authelia in front of this 👌
I'm using Traefik and Authelia as an OIDC provider for Planka and SSO works great, but for some reason the 'OIDC_ROLES_ATTRIBUTE' config doesn't seem to work for me when I try setting it to '=admin' then creating an LLDAP group called 'admin' and adding the user.
The user just has read-only access, so I have to add that user to each project/board via the default admin.
Could you comment on how you got Authelia working? I have followed the OIDC guide, but Planka keeps giving me an 'unknown' error with no logging at all when trying to log in with SSO.
My Authelia config:

```yaml
client_id: authelia-planka
client_name: Planka
client_secret: {KEY}
authorization_policy: two_factor
public: false
consent_mode: implicit
audience: []
scopes:
  - openid
  - profile
  - email
userinfo_signed_response_alg: none
redirect_uris:
  - https://DOMAIN/oidc-callback
```

and my docker-compose for Planka:

```yaml
- OIDC_ISSUER=URL AUTHEILIA
- OIDC_CLIENT_ID=authelia-planka
- OIDC_CLIENT_SECRET={KEY}
- OIDC_SCOPES=openid email profile
- OIDC_EMAIL_ATTRIBUTE=email
- OIDC_NAME_ATTRIBUTE=name
- OIDC_USERNAME_ATTRIBUTE=preferred_username
- OIDC_ROLES_ATTRIBUTE=groups
- OIDC_ENFORCED=false
```

But I keep getting:
This is my authelia config:

```yaml
clients:
  - id: planka
    description: Planka
    secret: my_secret
    #public: false
    authorization_policy: one_factor
    pre_configured_consent_duration: 1w
    #scopes:
    #  - uid
    #  - groups
    #  - email
    #  - profile
    redirect_uris:
      - https://planka.local/oidc-callback
```

And my planka config:

```
```
It would be amazing if Planka supported either headers or env variables for authentication.
The use case would be SSO software running on the reverse proxy, in my case Authelia with Nginx. I can configure Nginx to set a header or env variable containing the username and one containing the user role. So if Planka checks the header and a user with that username exists, a new session is created.
It would be even better if a new user would automatically be created if the username cannot be found, but that use case would not be super important for me. I already looked through the code; unfortunately, I was not able to implement the feature myself.
Thanks!
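
The header-based login requested in this thread is only safe if the application honours the header solely on connections that come from the reverse proxy itself. The check below is an added Node.js illustration, not code from Planka or from any participant; `resolveProxyUser`, `trustedProxies` and the sample addresses are assumptions, while `X-Authenticated-User` and the `proxy_auth` switch are the names proposed above.

```javascript
// Added example with hypothetical names; not Planka's implementation.
const config = {
  proxyAuth: true,                          // the "proxy_auth=true" switch
  authHeader: 'x-authenticated-user',       // Node lowercases header names
  trustedProxies: new Set(['172.18.0.2']),  // constructed proxy address
};

// Dual-stack sockets report IPv4 peers as "::ffff:a.b.c.d".
function normalizeAddress(addr) {
  return typeof addr === 'string' ? addr.replace(/^::ffff:/i, '') : '';
}

// Returns the proxy-asserted username, or null when the request must
// fall back to the normal login flow.
function resolveProxyUser(req, cfg) {
  if (!cfg.proxyAuth) return null;
  // Decide on the TCP peer address, not X-Forwarded-For: the latter is
  // client-controlled unless the proxy overwrites it.
  const peer = normalizeAddress(req.socket && req.socket.remoteAddress);
  if (!cfg.trustedProxies.has(peer)) return null;
  const value = req.headers[cfg.authHeader];
  if (typeof value !== 'string') return null;
  // Node joins a repeated custom header with ", "; the allow-list below
  // rejects that, so an ambiguous identity never maps to a user.
  const username = value.trim();
  return /^[A-Za-z0-9._@-]{1,64}$/.test(username) ? username : null;
}

// Constructed sample requests (shape of Node's http.IncomingMessage).
const fromProxy = {
  socket: { remoteAddress: '::ffff:172.18.0.2' },
  headers: { 'x-authenticated-user': 'alice' },
};
const direct = {
  socket: { remoteAddress: '203.0.113.7' },
  headers: { 'x-authenticated-user': 'admin' },
};
const duplicated = {
  socket: { remoteAddress: '172.18.0.2' },
  headers: { 'x-authenticated-user': 'alice, admin' },
};

console.log(resolveProxyUser(fromProxy, config));   // via the proxy
console.log(resolveProxyUser(direct, config));      // bypassing the proxy
console.log(resolveProxyUser(duplicated, config));  // header sent twice
```

The proxy should also overwrite or drop any client-supplied copy of the header before forwarding, and the application port should not be reachable except through the proxy.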