Installing Twake with LemonLDAP (LDAP, OpenID and more)
LemonLDAP is harder to set up than Keycloak but has other features; see the official LemonLDAP site.

1. Twake configuration

Edit the Twake PHP configuration file twake/backend/core/app/Configuration/Parameters.php, under defaults.auth.openid:
    "openid" => [
        "use" => true,
        "provider_uri" => 'http://auth.open-paas.org.local',
        "client_id" => 'twake',
        // must match the secret set for the twake client in LemonLDAP
        "client_secret" => 'secret',
        // going by the key names, the next two settings skip the
        // email_verified check and the ID token verification
        "ignore_mail_verified" => true,
        "ignore_id_token_verification" => true,
        "provider_config" => [
            "token_endpoint" => "http://auth.open-paas.org.local/oauth2/token", // token_endpoint
            "userinfo_endpoint" => "http://auth.open-paas.org.local/oauth2/userinfo", // userinfo_endpoint
            "end_session_endpoint" => "http://auth.open-paas.org.local/oauth2/logout", // end_session_endpoint
            "authorization_endpoint" => "http://auth.open-paas.org.local/oauth2/authorize", // authorization_endpoint
        ]
    ],
Add a line to /etc/hosts in the php container if needed:

    sudo docker-compose exec php bash -c "echo '51.210.124.92 manager.open-paas.org.local auth.open-paas.org.local reload.open-paas.org.local' >> /etc/hosts"
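
The "openid" array above copies four endpoints by hand, uses http throughout and sets both ignore_* flags. The following check is an added example, not part of Twake or LemonLDAP: it compares such an array against the provider's OIDC discovery document and lists the settings to revisit before production. The Python dicts, the hardened variant, the discovery document and the placeholder-secret list are constructed for illustration, and the meaning of the two ignore_* flags is assumed from their names.

```python
from urllib.parse import urlsplit

BASE = "auth.open-paas.org.local"
ENDPOINTS = {"token_endpoint": "token", "userinfo_endpoint": "userinfo",
             "end_session_endpoint": "logout", "authorization_endpoint": "authorize"}

def endpoints(scheme):
    """Build the four provider_config URLs for a given scheme."""
    return {k: f"{scheme}://{BASE}/oauth2/{p}" for k, p in ENDPOINTS.items()}

# The page's "openid" array, transcribed as a Python dict.
PAGE_CFG = {
    "provider_uri": f"http://{BASE}", "client_secret": "secret",
    "ignore_mail_verified": True, "ignore_id_token_verification": True,
    "provider_config": endpoints("http"),
}
# Constructed: the same client once the portal is served over TLS.
HARDENED_CFG = {
    "provider_uri": f"https://{BASE}", "client_secret": "<long-random-secret>",
    "ignore_mail_verified": False, "ignore_id_token_verification": False,
    "provider_config": endpoints("https"),
}
# Constructed discovery document (standard OIDC metadata field names).
DISCOVERY = {"issuer": f"https://{BASE}", **endpoints("https")}

def audit(cfg, discovery):
    """Return (key, problem) pairs for one openid config array."""
    findings = []
    urls = {"provider_uri": cfg["provider_uri"], **cfg["provider_config"]}
    issuer_host = urlsplit(cfg["provider_uri"]).hostname
    for key, url in urls.items():
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((key, "cleartext http"))
        if parts.hostname != issuer_host:
            findings.append((key, "host differs from provider_uri"))
        # provider_uri is compared with the published issuer
        published = discovery.get("issuer" if key == "provider_uri" else key)
        if published is not None and published.rstrip("/") != url.rstrip("/"):
            findings.append((key, "differs from discovery document"))
    for flag in ("ignore_id_token_verification", "ignore_mail_verified"):
        if cfg.get(flag):
            findings.append((flag, "verification disabled"))
    if cfg.get("client_secret") in ("secret", "changeme", "", None):
        findings.append(("client_secret", "placeholder secret"))
    return findings

if __name__ == "__main__":
    for key, problem in audit(PAGE_CFG, DISCOVERY):
        print(f"{key}: {problem}")
```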

2. LemonLDAP configuration

In ClientOpenIDConnect > twake > Options > Basic > Login address: http://15.236.209.74/ajax/users/openid
In ClientOpenIDConnect > twake > Exported attributes:
    {
        email_verified: email_verified,
        picture: picture,
        name: cn,
        given_name: givenName,
        family_name: sn,
        email: mail,
        sub: uid
    }
[Does not work for now] In ClientOpenIDConnect > twake > Options > Logout > Address: http://15.236.209.74/ajax/users/openid/logout_success