| field | value | date |
|---|---|---|
| author | David Mehren | 2020-11-15 21:02:36 +0100 |
| committer | GitHub | 2020-11-15 21:02:36 +0100 |
| commit | 4c0efe1237bc33b52d06eaf86a28adad9a041ec2 (patch) | |
| tree | fa068d16074645b7b6d8d88b78724b9cd82dd879 /docs/guides/auth | |
| parent | 299301f0fe5bea41b4407bbbc03932fc4dd1c1d3 (diff) | |
| parent | 9898ab3ca5fa226967d8a3aca8e6e752554ed64d (diff) | |
Merge pull request #453 from hedgedoc/misc/renaming
Diffstat (limited to 'docs/guides/auth')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | docs/guides/auth/github.md | 4 |
| -rw-r--r-- | docs/guides/auth/gitlab-self-hosted.md | 6 |
| -rw-r--r-- | docs/guides/auth/keycloak.md | 10 |
| -rw-r--r-- | docs/guides/auth/ldap-ad.md | 2 |
| -rw-r--r-- | docs/guides/auth/mattermost-self-hosted.md | 2 |
| -rw-r--r-- | docs/guides/auth/nextcloud.md | 4 |
| -rw-r--r-- | docs/guides/auth/saml-keycloak.md | 38 |
| -rw-r--r-- | docs/guides/auth/saml-onelogin.md | 10 |
| -rw-r--r-- | docs/guides/auth/saml.md | 20 |
| -rw-r--r-- | docs/guides/auth/twitter.md | 2 |

10 files changed, 48 insertions, 50 deletions
diff --git a/docs/guides/auth/github.md b/docs/guides/auth/github.md index dc46f74c..f540a530 100644 --- a/docs/guides/auth/github.md +++ b/docs/guides/auth/github.md @@ -1,7 +1,5 @@ # Authentication guide - GitHub -*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! - 1. Sign-in or sign-up for a GitHub account 2. Navigate to developer settings in your GitHub account [here](https://github.com/settings/developers) and select the "OAuth Apps" tab @@ -12,7 +10,7 @@ 4. Fill out the new OAuth application registration form, and click **Register Application** ![register-oauth-application-form](../../images/auth/register-oauth-application-form.png) - **Note:** *The callback URL is <your-codimd-url>/auth/github/callback* + **Note:** *The callback URL is <your-hedgedoc-url>/auth/github/callback* 5. After successfully registering the application, you'll receive the Client ID and Client Secret for the application ![application-page](../../images/auth/application-page.png) diff --git a/docs/guides/auth/gitlab-self-hosted.md b/docs/guides/auth/gitlab-self-hosted.md index 62ce1122..fc655ac5 100644 --- a/docs/guides/auth/gitlab-self-hosted.md +++ b/docs/guides/auth/gitlab-self-hosted.md @@ -1,6 +1,6 @@ # GitLab (self-hosted) -*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! +*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! 1. Sign in to your GitLab 2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required) @@ -16,7 +16,7 @@ 6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` ```Dockerfile -- CMD_DOMAIN=your.codimd.domain +- CMD_DOMAIN=your.hedgedoc.domain - CMD_URL_ADDPORT=true - CMD_PROTOCOL_USESSL=true - CMD_GITLAB_BASEURL=https://your.gitlab.domain 
@@ -25,6 +25,6 @@ ``` 7. Run `docker-compose up -d` to apply your settings. -8. Sign in to your CodiMD using your GitLab ID: +8. Sign in to your HedgeDoc using your GitLab ID: ![Sign in via GitLab](../../images/auth/gitlab-sign-in.png) diff --git a/docs/guides/auth/keycloak.md b/docs/guides/auth/keycloak.md index 16e24bc5..82f6d321 100644 --- a/docs/guides/auth/keycloak.md +++ b/docs/guides/auth/keycloak.md @@ -1,4 +1,4 @@ -OAuth with Keycloak/Red Hat SSO (self-hosted) +# OAuth with Keycloak/Red Hat SSO (self-hosted) ## Prerequisites @@ -13,7 +13,7 @@ Where HTTPS is specified throughout, use HTTP instead. You may also have to spec You may note that a separate realm is specified throughout this tutorial. It is best practice not to use the master realm, as it normally contains the realm-management client that federates access using the policies and permissions you can create. 2. Navigate to the client management page at `https://keycloak.example.com/auth/admin/master/console/#/realms/your-realm/clients` (admin permissions required) -3. Click **Create** to create a new client and fill out the registration form. You should set the Root URL to the fully qualified public URL of your CodiMD instance. +3. Click **Create** to create a new client and fill out the registration form. You should set the Root URL to the fully qualified public URL of your HedgeDoc instance. 4. Click **Save** 5. Set the **Access Type** of the client to `confidential`. This will make your client require a client secret upon authentication. 
@@ -24,7 +24,7 @@ You may note that a separate realm is specified throughout this tutorial. It is 1. Select Client Scopes from the sidebar, and begin to create a new client scope using the Create button. 2. Ensure that the **Name** field is set to `id`. 3. Create a new mapper under the Mappers tab. This should reference the User Property `id`. `Claim JSON Type` should be String and all switches below should be enabled. Save the mapper. -4. Go to the client you set up in the previous steps using the Clients page, then choose the Client Scopes tab. Apply the scope you've created. This should mitigate errors as seen in [codimd/server#56](https://github.com/codimd/server/issues/56), as the `/userinfo` endpoint should now bring back the user's ID under the `id` key as well as `sub`. +4. Go to the client you set up in the previous steps using the Clients page, then choose the Client Scopes tab. Apply the scope you've created. This should mitigate errors as seen in [hedgedoc/hedgedoc#56](https://github.com/hedgedoc/hedgedoc/issues/56), as the `/userinfo` endpoint should now bring back the user's ID under the `id` key as well as `sub`. --- @@ -40,10 +40,10 @@ CMD_OAUTH2_AUTHORIZATION_URL=https://keycloak.example.com/auth/realms/your-realm CMD_OAUTH2_CLIENT_ID=<your client ID> CMD_OAUTH2_CLIENT_SECRET=<your client secret, which you can find under the Credentials tab for your client> CMD_OAUTH2_PROVIDERNAME=Keycloak -CMD_DOMAIN=<codimd.example.com> +CMD_DOMAIN=<hedgedoc.example.com> CMD_PROTOCOL_USESSL=true CMD_URL_ADDPORT=false ``` 6. Run `docker-compose up -d` to apply your settings. -7. Sign in to your CodiMD using your Keycloak ID +7. Sign in to your HedgeDoc using your Keycloak ID diff --git a/docs/guides/auth/ldap-ad.md b/docs/guides/auth/ldap-ad.md index fa41346e..b7d0284e 100644 --- a/docs/guides/auth/ldap-ad.md +++ b/docs/guides/auth/ldap-ad.md 
@@ -1,6 +1,6 @@ # AD LDAP auth -To setup your CodiMD instance with Active Directory you need the following configs: +To setup your HedgeDoc instance with Active Directory you need the following configs: ```env CMD_LDAP_URL=ldap://internal.example.com diff --git a/docs/guides/auth/mattermost-self-hosted.md b/docs/guides/auth/mattermost-self-hosted.md index 5085b4e7..2ad2afd7 100644 --- a/docs/guides/auth/mattermost-self-hosted.md +++ b/docs/guides/auth/mattermost-self-hosted.md @@ -17,7 +17,7 @@ This guide uses the generic OAuth2 module for compatibility with Mattermost vers 5. Fill out the form and click **Save** ![mattermost-oauth-app-form](../../images/auth/mattermost-oauth-app-form.png) -*Note: The callback URL is \<your-codimd-url\>/auth/oauth2/callback* +*Note: The callback URL is \<your-hedgedoc-url\>/auth/oauth2/callback* 6. After saving the application, you'll receive the Client ID and Client Secret ![mattermost-oauth-app-done](../../images/auth/mattermost-oauth-app-done.png) diff --git a/docs/guides/auth/nextcloud.md b/docs/guides/auth/nextcloud.md index 8ce90ca9..e0eb28d1 100644 --- a/docs/guides/auth/nextcloud.md +++ b/docs/guides/auth/nextcloud.md 
@@ -11,14 +11,14 @@ This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 an At the top there's OAuth 2.0-Clients. ![Where to find OAuth2 in Nextcloud](../../images/auth/nextcloud-oauth2-1-settings.png) -3. Add your CodiMD instance by giving it a *name* (perhaps CodiMD, but could be anything) and a *Redirection-URI*. The Redirection-URI will be `\<your-codimd-url\>/auth/oauth2/callback`. Click <kbd>Add</kbd>. +3. Add your HedgeDoc instance by giving it a *name* (perhaps HedgeDoc, but could be anything) and a *Redirection-URI*. The Redirection-URI will be `\<your-hedgedoc-url\>/auth/oauth2/callback`. Click <kbd>Add</kbd>. ![Adding a client to Nextcloud](../../images/auth/nextcloud-oauth2-2-client-add.png) 4. You'll now see a line containing a *client identifier* and a *Secret*. ![Successfully added OAuth2-client](../../images/auth/nextcloud-oauth2-3-clientid-secret.png) -5. That's it for Nextcloud, the rest is configured in your CodiMD `config.json` or via the `CMD_` environment variables! +5. That's it for Nextcloud, the rest is configured in your HedgeDoc `config.json` or via the `CMD_` environment variables! 6. Add the Client ID and Client Secret to your `config.json` file or pass them as environment variables. Make sure you also replace `<your-nextcloud-domain>` with the right domain name. - `config.json`: diff --git a/docs/guides/auth/saml-keycloak.md b/docs/guides/auth/saml-keycloak.md index 5caf3766..1bc3b363 100644 --- a/docs/guides/auth/saml-keycloak.md +++ b/docs/guides/auth/saml-keycloak.md 
@@ -1,34 +1,34 @@ -# How to setup CodiMD SAML with Keycloak +# How to setup HedgeDoc SAML with Keycloak ## Configuring Keycloak ### Get the public certificate -1. Select the Realm you want to use for your CodiMD SAML +1. Select the Realm you want to use for your HedgeDoc SAML 2. Select "Realm Settings" in left sidebar 3. Select the "Keys" tab 4. Click the button "Certificate" at `RS256` algorithm ![keycloak_idp_cert](../../images/auth/keycloak_idp_cert.png) -5. Copy this key and save it to the file specified in `saml.idpCert` property of the CodiMD configuration or `CMD_SAML_IDPCERT` environment variable +5. Copy this key and save it to the file specified in `saml.idpCert` property of the HedgeDoc configuration or `CMD_SAML_IDPCERT` environment variable ### Create a new client 1. Select "Client" in left sidebar ![keycloak_clients_overview](../../images/auth/keycloak_clients_overview.png) 2. Click on the "Create" button -3. Set a Client ID and specify this in `saml.issuer` property of the CodiMD configuration or `CMD_SAML_ISSUER` environment variable +3. Set a Client ID and specify this in `saml.issuer` property of the HedgeDoc configuration or `CMD_SAML_ISSUER` environment variable 4. Select `SAML` as Client Protocol -5. Set Client SAML Endpoint to `https://codimd.example.com/auth/saml` (replace `https://codimd.example.com` with the base URL of your CodiMD installation) +5. Set Client SAML Endpoint to `https://hedgedoc.example.com/auth/saml` (replace `https://hedgedoc.example.com` with the base URL of your HedgeDoc installation) ![keycloak_add_client](../../images/auth/keycloak_add_client.png) 6. Leave "Client Signature Required" enabled -7. Set Root URL to `https://codimd.example.com` (replace it here also with the base URL of your CodiMD installation) -8. Set Valid Redirect URIs to `https://codimd.example.com/auth/saml/callback` (you should also define all other domains of your CodiMD installtion with the suffix `/auth/saml/callback`) +7. 
Set Root URL to `https://hedgedoc.example.com` (replace it here also with the base URL of your HedgeDoc installation) +8. Set Valid Redirect URIs to `https://hedgedoc.example.com/auth/saml/callback` (you should also define all other domains of your HedgeDoc installtion with the suffix `/auth/saml/callback`) 9. Set Base URL to `/` ![keycloak_client_overview](../../images/auth/keycloak_client_overview.png) 10. _(optional)_ You can set which Name ID Format should be used -## Configure CodiMD +## Configure HedgeDoc ### Config file You have to put the following block inside your `config.json`: ```json "saml": { - "issuer": "codimd", // Change to the "Client ID" specified in the Keycloak Client + "issuer": "hedgedoc", // Change to the "Client ID" specified in the Keycloak Client "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "idpSsoUrl": "https://keycloak.example.org/auth/realms/test/protocol/saml", // replace keycloak.example.org with the url of your keycloak server "idpCert": "/path/to/the/cert.pem", 
@@ -40,12 +40,12 @@ You have to put the following block inside your `config.json`: - `CMD_SAML_IDPSSOURL`: `https://keycloak.example.org/auth/realms/test/protocol/saml` (replace keycloak.example.org with the url of your keycloak server) - `CMD_SAML_IDPCERT`: `/path/to/the/cert.pem` - *(optional, see below)* `CMD_SAML_CLIENTCERT`: `/path/to/the/key.pem` -- `CMD_SAML_ISSUER`: `codimd` (Change to the "Client ID" specified in the Keycloak Client) +- `CMD_SAML_ISSUER`: `hedgedoc` (Change to the "Client ID" specified in the Keycloak Client) - `CMD_SAML_IDENTIFIERFORMAT`: `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` ## Client certificate *(optional)* -If you want keycloak to be able to verify CodiMD, you hava to create a client certificate. There are two options for this: +If you want keycloak to be able to verify HedgeDoc, you hava to create a client certificate. There are two options for this: ### Create Private Keys for Signing 1. Generate the private key and certificate with the following commands: @@ -56,7 +56,7 @@ openssl req -new -x509 -key priv.pem -out cert.pem *execute the following steps in keycloak* 2. Select "Client" in left sidebar -3. Go to your CodiMD-Client +3. Go to your HedgeDoc-Client 4. Select the "SAML Keys" tab ![keycloak_saml_import_cert](../../images/auth/keycloak_saml_import_cert.png) 5. Click on "Import" 
@@ -64,14 +64,14 @@ openssl req -new -x509 -key priv.pem -out cert.pem 7. Now upload the generated cert.pem (in this case named `cert.pem`) ![keycloak_saml_import_cert_details](../../images/auth/keycloak_saml_import_cert_details.png) 8. Click on "Import" -9. Move or copy this key (in this case named `key.pem`) and save it to the file specified in `saml.clientCert` property of the CodiMD configuration or in the enviroment-variable `CMD_SAML_CLIENTCERT` +9. Move or copy this key (in this case named `key.pem`) and save it to the file specified in `saml.clientCert` property of the HedgeDoc configuration or in the enviroment-variable `CMD_SAML_CLIENTCERT` ### Convert Private Certificate generated by KeyCloak Instead if generating you own certificate, you can also use the one generated by keycloak. 1. Select "Client" in left sidebar -2. Go to your CodiMD-Client +2. Go to your HedgeDoc-Client 3. Select the "SAML Keys" tab ![keycloak_saml_export_cert](../../images/auth/keycloak_saml_export_cert.png) 
@@ -83,14 +83,14 @@ Instead if generating you own certificate, you can also use the one generated by ```shell openssl pkcs12 -in keystore.p12 -out key.pem -nocerts -nodes ``` -8. Move or copy this key (in this case named `key.pem`) and save it to the file specified in `saml.idpCert` property of the CodiMD configuration or in the enviroment-variable `CMD_SAML_CLIENTCERT` +8. Move or copy this key (in this case named `key.pem`) and save it to the file specified in `saml.idpCert` property of the HedgeDoc configuration or in the enviroment-variable `CMD_SAML_CLIENTCERT` ## Use Persistent Identifiers -Instead of using the username as the owner-key in the CodiMD database, you can also use a persistent identifier. This allows to change the username, without them loosing access to their notes. +Instead of using the username as the owner-key in the HedgeDoc database, you can also use a persistent identifier. This allows to change the username, without them loosing access to their notes. -1. Go to the CodiMD-Client in keycloak. Now enable the option "Force Name ID Format" and select "persistent" as the "Name ID Format". +1. Go to the HedgeDoc-Client in keycloak. Now enable the option "Force Name ID Format" and select "persistent" as the "Name ID Format". ![keycloak_force_idformat](../../images/auth/keycloak_force_idformat.png) -2. For codimd to be able to use the username and email configured in keycloak, you have to create the following SAML protocol mappers: +2. For HedgeDoc to be able to use the username and email configured in keycloak, you have to create the following SAML protocol mappers: 2.1. Create a mapper with the type `User Property`. Set the Name, Property and SAML Attribute Name to `username`. Now you can specify a friendly name (for example `Username`) ![keycloak_mapper_username](../../images/auth/keycloak_mapper_username.png) 2.2 Create a mapper with the type `User Property`. Set the Name, Property and SAML Attribute Name to `email`. 
Now you can specify a friendly name (for example `E-Mail`) @@ -106,7 +106,7 @@ The configured mappers should look like this: "email": "email", } ``` -It you configure CodiMD with enviroment variables, these are the ones you have to set: +It you configure HedgeDoc with enviroment variables, these are the ones you have to set: ```bash CMD_SAML_ATTRIBUTE_USERNAME=username CMD_SAML_ATTRIBUTE_EMAIL=email diff --git a/docs/guides/auth/saml-onelogin.md b/docs/guides/auth/saml-onelogin.md index 46134e60..8b897c82 100644 --- a/docs/guides/auth/saml-onelogin.md +++ b/docs/guides/auth/saml-onelogin.md @@ -1,6 +1,6 @@ # Authentication guide - SAML (OneLogin) -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +**Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks!* 1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks) @@ -16,9 +16,9 @@ ![onelogin-edit-app-name](../../images/auth/onelogin-edit-app-name.png) 6. After that other tabs will appear, click the **Configuration**, and fill out the below items, and click **SAVE**. - - RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed) + - RelayState: The base URL of your HedgeDoc, which is issuer. (last slash is not needed) - - ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback) + - ACS (Consumer) URL Validator: The callback URL of your HedgeDoc. (serverurl + /auth/saml/callback) - ACS (Consumer) URL: same as above. 
@@ -31,7 +31,7 @@ - SAML 2.0 Endpoint (HTTP): Copy the URL ....(B) ![onelogin-copy-idp-metadata](../../images/auth/onelogin-copy-idp-metadata.png) -8. In your CodiMD server, create IdP certificate file from (A) +8. In your HedgeDoc server, create IdP certificate file from (A) 9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables. - `config.json`: ```javascript @@ -51,5 +51,5 @@ CMD_SAML_IDPCERT=/path/to/idp_cert.pem ``` -10. Try sign-in with SAML from your CodiMD sign-in button or OneLogin dashboard (like the screenshot below). +10. Try sign-in with SAML from your HedgeDoc sign-in button or OneLogin dashboard (like the screenshot below). ![onelogin-use-dashboard](../../images/auth/onelogin-use-dashboard.png) diff --git a/docs/guides/auth/saml.md b/docs/guides/auth/saml.md index 3b8291b7..58a2ae45 100644 --- a/docs/guides/auth/saml.md +++ b/docs/guides/auth/saml.md @@ -1,6 +1,6 @@ # Authentication guide - SAML -*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! +*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below. 
@@ -9,7 +9,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O - *Note:* If not accessible from IdP, download to local once and upload to IdP. - Change the value of `issuer`, `identifierFormat` to match your IdP. - - `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default + - `issuer`: A unique id to identify the application to the IdP, which is the base URL of your HedgeDoc as default - `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) @@ -21,7 +21,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O "production": { "saml": { /* omitted */ - "issuer": "mycodimd" + "issuer": "myhedgedoc" "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" } } @@ -30,16 +30,16 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O - environment variables ```env - CMD_SAML_ISSUER=mycodimd + CMD_SAML_ISSUER=myhedgedoc CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ``` - Change mapping of attribute names to customize the displaying user name and email address to match your IdP. - `attribute`: A dictionary to map attribute names - - `attribute.id`: A primary key of user table for your CodiMD + - `attribute.id`: A primary key of user table for your HedgeDoc - - `attribute.username`: Attribute name of displaying user name on CodiMD + - `attribute.username`: Attribute name of displaying user name on HedgeDoc - `attribute.email`: Attribute name of email address, which will be also used for Gravatar - *Note:* Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default. 
@@ -70,9 +70,9 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O - If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). - `groupAttribute`: An attribute name of group membership - - `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. + - `requiredGroups`: Group names array for allowed access to HedgeDoc. Use vertical bar to separate for environment variables. - - `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. + - `externalGroups`: Group names array for not allowed access to HedgeDoc. Use vertical bar to separate for environment variables. - *Note:* Evaluates `externalGroups` first - `config.json`: @@ -82,7 +82,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O "saml": { /* omitted */ "groupAttribute": "memberOf", - "requiredGroups": [ "codimd-users", "board-members" ], + "requiredGroups": [ "hedgedoc-users", "board-members" ], "externalGroups": [ "temporary-staff" ] } } @@ -92,6 +92,6 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O - environment variables ```sh CMD_SAML_GROUPATTRIBUTE=memberOf - CMD_SAML_REQUIREDGROUPS=codimd-users|board-members + CMD_SAML_REQUIREDGROUPS=hedgedoc-users|board-members CMD_SAML_EXTERNALGROUPS=temporary-staff ``` diff --git a/docs/guides/auth/twitter.md b/docs/guides/auth/twitter.md index 5e709bb4..cbb8c865 100644 --- a/docs/guides/auth/twitter.md +++ b/docs/guides/auth/twitter.md 
@@ -1,6 +1,6 @@ # Authentication guide - Twitter -*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! +*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! 1. Sign-in or sign-up for a Twitter account |
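Review bot: The "This guide was written before the renaming" note is deleted outright in the first hunk of docs/guides/auth/github.md, but in gitlab-self-hosted.md, saml-onelogin.md, saml.md and twitter.md the same note is kept and only reworded from `CodiMD` to `HedgeDoc`, which leaves the guides inconsistent. Every body line this PR touches already says HedgeDoc directly, so the "replace `HackMD` with `HedgeDoc` in your mind" instruction no longer describes the text; drop the note in the other four files as github.md does instead of updating its wording.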
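Review bot: In docs/guides/auth/keycloak.md, hunk `@@ -24,7 +24,7 @@`, the issue link on touched step 4 is repointed from `codimd/server#56` to `hedgedoc/hedgedoc#56` with the number left unchanged. Please confirm that number resolves to the same `/userinfo` id-claim issue in the new repository; issue numbers survive a repository transfer but not a freshly created repository, so if it does not match, link the correct issue or drop the reference.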
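Review bot: In docs/guides/auth/nextcloud.md, hunk `@@ -11,14 +11,14 @@`, touched step 3 places the Redirection-URI inside a code span as `\<your-hedgedoc-url\>/auth/oauth2/callback`; backslashes inside backticks render literally, so the reader sees stray `\` characters in the URL. Since the line is being rewritten anyway, drop the escapes and write `<your-hedgedoc-url>/auth/oauth2/callback`.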
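Review bot: In docs/guides/auth/saml-keycloak.md, hunk `@@ -1,34 +1,34 @@`, touched step 8 keeps the typo "installtion" ("all other domains of your HedgeDoc installtion"); correct it to "installation" in the same edit rather than carrying it over.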
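Review bot: In docs/guides/auth/saml-keycloak.md, hunk `@@ -40,12 +40,12 @@`, the rewritten sentence under "Client certificate" still reads "you hava to create a client certificate"; fix "hava" to "have" while the line is being touched.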
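Review bot: In docs/guides/auth/saml-keycloak.md, hunk `@@ -64,14 +64,14 @@`, touched step 9 still spells "enviroment-variable"; use "environment variable" to match the wording used elsewhere in these guides.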
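Review bot: In docs/guides/auth/saml-keycloak.md, hunk `@@ -83,14 +83,14 @@`, touched step 8 tells the reader to save the private key exported from the Keycloak keystore to the file named in `saml.idpCert`, yet the same sentence names `CMD_SAML_CLIENTCERT` as the environment variable, and the parallel step 9 in the "Create Private Keys for Signing" section uses `saml.clientCert`. `saml.idpCert` holds the IdP's public certificate (see "Get the public certificate" in the first hunk of this file), so directing a private key there is wrong; change the property to `saml.clientCert`. The same hunk also carries "enviroment-variable" and "without them loosing access" on touched lines; fix to "environment variable" and "losing".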
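Review bot: In docs/guides/auth/saml-keycloak.md, hunk `@@ -106,7 +106,7 @@`, the touched line reads "It you configure HedgeDoc with enviroment variables"; it should read "If you configure HedgeDoc with environment variables".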
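Review bot: In docs/guides/auth/saml.md, hunk `@@ -21,7 +21,7 @@`, the touched line `"issuer": "myhedgedoc"` is immediately followed by `"identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"` with no separating comma, so the `config.json` example is not valid JSON even once the `/* omitted */` comment is removed. Add the trailing comma: `"issuer": "myhedgedoc",`.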