Add some SSO documentation
Timshel committed Sep 26, 2023
1 parent a87841e commit 77fe2b3
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions SSO.md
@@ -0,0 +1,22 @@
# SSO using OpenId Connect

To use an external source of authentication your SSO will need to support OpendID Connect :

- And OpenID Connect Discovery endpoint should be available
- Client authentication will be done using Id and Secret.

A master password will still required and not controlled by the SSO (depending of your point of view this might be a feature ;).
This introduce another way to control who can use the vault without having to use invitation or using an LDAP.

## Configuration

The following configurations are available

- `SSO_ENABLED` : Activate the SSO
- `SSO_ONLY` : disable email+Master password authentication
- `SSO_AUTHORITY` : the OpendID Connect Discovery endpoint of your SSO
- `SSO_CLIENT_ID` : Client Id
- `SSO_CLIENT_SECRET` : Client Secret
- `SSO_KEY_FILEPATH` : And optional public key that can be used to authenticate the SSO during the exchange flow.

The callback url is : `https://your.domain/identity/connect/oidc-signin`
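
Review bot: the `SSO_ONLY` entry in the Configuration list ("disable email+Master password authentication") reads as contradicting the earlier sentence that a master password is still required and not controlled by the SSO. Please state exactly what `SSO_ONLY` turns off (the email+password login path rather than the master password itself, if that is the intent), so an operator does not conclude that the identity provider alone gates access to the vault. Two other entries are too vague to configure from. `SSO_AUTHORITY` does not say whether the value is the issuer base URL or the full discovery document URL, and an example value would settle it. `SSO_KEY_FILEPATH` does not say which key this is, what file format is expected, or what is verified with it during the "exchange flow". Since `SSO_CLIENT_SECRET` is a credential, a line on how it should be supplied would also help. Wording nits: "OpendID" appears twice for "OpenID", "And OpenID Connect Discovery endpoint" and "And optional public key" should start with "An", and "will still required", "This introduce" and "depending of" need fixing.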
