mirror of
https://github.com/warp-tech/warpgate.git
synced 2025-09-07 07:04:22 +08:00
916d51a4e8
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the 'warp_groups` oidc claim:
```sso_providers:
- name: custom_sso
label: Custom SSO
provider:
type: custom
client_id: <client_id>
client_secret: <client_secret>
issuer_url: <issuer_url>
scopes: ["email", "profile", "openid", "warp_groups"] #warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
role_mappings:
- ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.
This [video on YouTube](https://youtu.be/XCYSGGCgk9Q) demonstrates the
functionality
---------
Co-authored-by: Eugene <inbox@null.page>
|
||
|---|---|---|
| .. | ||
| certs | ||
| images | ||
| oidc-mock | ||
| ssh-keys | ||
| __init__.py | ||
| api_client.py | ||
| conftest.py | ||
| Makefile | ||
| poetry.lock | ||
| pyproject.toml | ||
| run.sh | ||
| test_http_basic.py | ||
| test_http_common.py | ||
| test_http_conntest.py | ||
| test_http_cookies.py | ||
| test_http_redirects.py | ||
| test_http_user_auth_logout.py | ||
| test_http_user_auth_otp.py | ||
| test_http_user_auth_password.py | ||
| test_http_user_auth_ticket.py | ||
| test_http_websocket.py | ||
| test_mysql_user_auth_password.py | ||
| test_ssh_conntest.py | ||
| test_ssh_proto.py | ||
| test_ssh_target_selection.py | ||
| test_ssh_user_auth_otp.py | ||
| test_ssh_user_auth_password.py | ||
| test_ssh_user_auth_pubkey.py | ||
| test_ssh_user_auth_ticket.py | ||
| util.py | ||