Add SSO functionality using OpenID Connect

Co-authored-by: Pablo Ovelleiro Corral <mail@pablo.tools> Co-authored-by: Stuart Heap <sheap13@gmail.com> Co-authored-by: Alex Moore <skiepp@my-dockerfarm.cloud> Co-authored-by: Brian Munro <brian.alexander.munro@gmail.com> Co-authored-by: Jacques B. <timshel@github.com>
2025-07-30 23:59:07 +00:00 · 2023-08-30 16:13:09 +02:00 · 2023-08-30 16:13:09 +02:00 · 671f7a1d31
commit 671f7a1d31
parent 10d12676cf
24 changed files with 700 additions and 13 deletions
--- a/.env.template
+++ b/.env.template
@ -444,6 +444,20 @@
 ## Setting this to true will enforce the Single Org Policy to be enabled before you can enable the Reset Password policy.
 # ENFORCE_SINGLE_ORG_WITH_RESET_PW_POLICY=false

+#####################################
+### SSO settings (OpenID Connect) ###
+#####################################
+
+## Controls whether users can login using an OpenID Connect identity provider
+# SSO_ENABLED=false
+## Prevent users from logging in directly without going through SSO
+# SSO_ONLY=false
+## Base URL of the OIDC server (auto-discovery is used)
+# SSO_AUTHORITY=https://auth.example.com
+## Set your Client ID and Client Key
+# SSO_CLIENT_ID=11111
+# SSO_CLIENT_SECRET=AAAAAAAAAAAAAAAAAAAAAAAA
+
 ########################
 ### MFA/2FA settings ###
 ########################