Twake
⬅️ Go on twake
  • ☀️ Twake
  • Getting started
    • ▶️Use Twake on twake.app
    • 🏗️Install on your server
      • 🎡Scale with Twake
    • ⚙️Configuration
      • 🔒Security
      • 🔗Custom domain + HTTPS
        • Apache2 configuration
      • 💌Configure mail server
      • 🎨Customisation
      • 🔌Connectors and plugins
      • 👨‍💻 Authentication modes
        • Using Keycloak (LDAP, OpenID and more)
        • Installing Twake with LemonLDAP (LDAP, OpenID and more)
  • How to use it
    • 👋Welcome to Twake !
    • 🧰Console
      • Users
    • 🏢Company & workspace
      • Invite user from Chat
      • Rights
    • 💠Applications
      • 💬Chat
        • Channels
        • Message
      • 📂Drive
        • File and folder
        • Share file with public link
      • 📆Calendar
      • ✅Tasks
      • 🔃Connectors
        • n8n
    • 🖥️Desktop and mobile app
    • 🔒Privacy
  • Developers API
    • 🏠Home
    • 🥇Getting started
      • Create your first application
      • Authenticate with Postman
      • Send a message with your application
      • Trigger action from command
    • ⚙️Application settings
      • Api
      • Display
      • Privileges
      • Identity
    • 📖API Reference
      • Webhook
      • Drive
      • Message
        • DELETE Request
        • POST Request
      • Authentication
    • 🧱Blocks
  • Internal Documentation
    • 🥇Get started
    • 🎨Twake Ecosystem Guidelines
    • 📚Our stack
    • 🧱Backend and APIs
      • 🔑(WIP) Authentication
      • 👥Users and workspaces
      • 🍎Applications
        • Database models
        • REST APIs
      • 🎩Channels and tabs
        • Database models
      • 💬Messages
        • Database models
      • 📄Files
        • Database models
        • REST APIs
        • Resumable.js
      • 📲Notifications
        • Database models
      • 🛠️Twake service development
        • What is a service in Twake ?
        • Create a new service
        • Platform/Technical services
          • Database ORM platform service
    • 🖥️Web, desktop and mobile
      • Table
      • ObjectModal
        • ObjectModalTitle
        • ObjectModalSeparator
        • ObjectModalSectionTitle
        • ObjectModalFormTitle
      • UserListManager
      • MediumPopupManager
      • MenuManager
    • 🎭Translation
Powered by GitBook
On this page

Was this helpful?

  1. Getting started
  2. Configuration
  3. 👨‍💻 Authentication modes

Installing Twake with LemonLDAP (LDAP, OpenID and more)

Harder than KeyCloak but has other features, see official LemonLDAP site.

1. Twake configuration

Edit Twake PHP config twake/backend/core/app/Configuration/Parameters.php, in defaults.auth.openid

"openid" => [
    "use" => true,
    "provider_uri" => 'http://auth.open-paas.org.local',
    "client_id" => 'twake',
    "client_secret" => 'secret',
    "ignore_mail_verified" => true,
    "ignore_id_token_verification" => true,
    "provider_config" => [
      "token_endpoint"=> "http://auth.open-paas.org.local/oauth2/token", //token_endpoint
      "userinfo_endpoint" => "http://auth.open-paas.org.local/oauth2/userinfo",//userinfo_endpoint
      "end_session_endpoint" => "http://auth.open-paas.org.local/oauth2/logout",//end_session_endpoint
      "authorization_endpoint" => "http://auth.open-paas.org.local/oauth2/authorize",//authorization_endpoint
    ]

],

Add line to /etc/hosts if needed :

sudo docker-compose exec php bash -c "echo '51.210.124.92 manager.open-paas.org.local auth.open-paas.org.local reload.open-paas.org.local' >> /etc/hosts"

2. Lemon LDAP configuration

Dans ClientOpenIDConnect > twake > Attributs exportés :

{
  email_verified: email_verified,
  picture: picture,
  name: cn,
  given_name: givenName,
  family_name: sn,
  email: mail,
  sub: uid
}
PreviousUsing Keycloak (LDAP, OpenID and more)NextWelcome to Twake !

Last updated 4 years ago

Was this helpful?

Dans ClientOpenIDConnect > twake > Options > Basique > Adresse connexion :

[Ne marche pas pour le moment] Dans ClientOpenIDConnect > twake > Options > Déconnexion > Adresse :

⚙️
http://15.236.209.74/ajax/users/openid
http://15.236.209.74/ajax/users/openid/logout_success