-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
22 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# SSO using OpenId Connect | ||
|
||
To use an external source of authentication your SSO will need to support OpendID Connect : | ||
|
||
- And OpenID Connect Discovery endpoint should be available | ||
- Client authentication will be done using Id and Secret. | ||
|
||
A master password will still required and not controlled by the SSO (depending of your point of view this might be a feature ;). | ||
This introduce another way to control who can use the vault without having to use invitation or using an LDAP. | ||
|
||
## Configuration | ||
|
||
The following configurations are available | ||
|
||
- `SSO_ENABLED` : Activate the SSO | ||
- `SSO_ONLY` : disable email+Master password authentication | ||
- `SSO_AUTHORITY` : the OpendID Connect Discovery endpoint of your SSO | ||
- `SSO_CLIENT_ID` : Client Id | ||
- `SSO_CLIENT_SECRET` : Client Secret | ||
- `SSO_KEY_FILEPATH` : And optional public key that can be used to authenticate the SSO during the exchange flow. | ||
|
||
The callback url is : `https://your.domain/identity/connect/oidc-signin` |