Added some CAS and SAML settings. Not tested. Please test and send pull requests if it does not work.

See https://github.com/wekan/wekan/wiki/SAML and https://github.com/wekan/wekan/wiki/CAS

Thanks to xet7 !

Related #3204,
related #708

snap-src/bin/config

@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW  MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED"
+keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW  MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES"
 
 # default values
 DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -464,3 +464,70 @@ DESCRIPTION_PASSWORD_LOGIN_ENABLED="To hide the password login form"
 DEFAULT_PASSWORD_LOGIN_ENABLED="true"
 KEY_PASSWORD_LOGIN_ENABLED="password-login-enabled"
 
+DESCRIPTION_CAS_ENABLED="CAS Enabled"
+DEFAULT_CAS_ENABLED="false"
+KEY_CAS_ENABLED="cas-enabled"
+
+DESCRIPTION_CAS_BASE_URL="CAS Base URL"
+DEFAULT_CAS_BASE_URL=""
+KEY_CAS_BASE_URL="cas-base-url"
+
+DESCRIPTION_CAS_LOGIN_URL="CAS Login URL"
+DEFAULT_CAS_LOGIN_URL=""
+KEY_CAS_LOGIN_URL="cas-login-url"
+
+DESCRIPTION_CAS_VALIDATE_URL="CAS Validate URL"
+DEFAULT_CAS_VALIDATE_URL=""
+KEY_CAS_VALIDATE_URL="cas-validate-url"
+
+DESCRIPTION_SAML_ENABLED="SAML Enabled. Default: false"
+DEFAULT_SAML_ENABLED="false"
+KEY_SAML_ENABLED="saml-enabled"
+
+DESCRIPTION_SAML_PROVIDER="SAML Provider"
+DEFAULT_SAML_PROVIDER=""
+KEY_SAML_PROVIDER="saml-provider"
+
+DESCRIPTION_SAML_ENTRYPOINT="SAML Entrypoint"
+DEFAULT_SAML_ENTRYPOINT=""
+KEY_SAML_ENTRYPOINT="saml-entrypoint"
+
+DESCRIPTION_SAML_ISSUER="SAML Issuer"
+DEFAULT_SAML_ISSUER=""
+KEY_SAML_ISSUER="saml-issuer"
+
+DESCRIPTION_SAML_CERT="SAML Cert"
+DEFAULT_SAML_CERT=""
+KEY_SAML_CERT="saml-cert"
+
+DESCRIPTION_SAML_IDPSLO_REDIRECTURL="SAML IDPSLO Redirect URL"
+DEFAULT_SAML_IDPSLO_REDIRECTURL=""
+KEY_SAML_IDPSLO_REDIRECTURL="saml-idpslo-redirecturl"
+
+DESCRIPTION_SAML_PRIVATE_KEYFILE="SAML Private Keyfile"
+DEFAULT_SAML_PRIVATE_KEYFILE=""
+KEY_SAML_PRIVATE_KEYFILE="saml-private-keyfile"
+
+DESCRIPTION_SAML_PUBLIC_CERTFILE="SAML Public Certfile"
+DEFAULT_SAML_PUBLIC_CERTFILE=""
+KEY_SAML_PUBLIC_CERTFILE="saml-public-certfile"
+
+DESCRIPTION_SAML_PUBLIC_CERTFILE="SAML Public Certfile"
+DEFAULT_SAML_PUBLIC_CERTFILE=""
+KEY_SAML_PUBLIC_CERTFILE="saml-public-certfile"
+
+DESCRIPTION_SAML_IDENTIFIER_FORMAT="SAML Identifier Format"
+DEFAULT_SAML_IDENTIFIER_FORMAT=""
+KEY_SAML_IDENTIFIER_FORMAT="saml-identifier-format"
+
+DESCRIPTION_SAML_IDENTIFIER_FORMAT="SAML Identifier Format"
+DEFAULT_SAML_IDENTIFIER_FORMAT=""
+KEY_SAML_IDENTIFIER_FORMAT="saml-identifier-format"
+
+DESCRIPTION_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="SAML Local Profile Match Attribute"
+DEFAULT_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=""
+KEY_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="saml-local-profile-match-attribute"
+
+DESCRIPTION_SAML_ATTRIBUTES="SAML Attributes"
+DEFAULT_SAML_ATTRIBUTES=""
+KEY_SAML_ATTRIBUTES="saml-attributes"

snap-src/bin/wekan-help

@@ -478,6 +478,51 @@ echo -e "\n"
 echo -e "Enable or not password login Form"
 echo -e "\t$ snap set $SNAP_NAME password-login-enabled='false'"
 echo -e "\n"
+echo -e "CAS Enabled. Default: false"
+echo -e "\t$ snap set $SNAP_NAME cas-enabled='true'"
+echo -e "\n"
+echo -e "CAS Base URL."
+echo -e "\t$ snap set $SNAP_NAME cas-base-url='https://cas.example.com/cas'"
+echo -e "\n"
+echo -e "CAS Login URL."
+echo -e "\t$ snap set $SNAP_NAME cas-login-url='https://cas.example.com/login'"
+echo -e "\n"
+echo -e "CAS Validate URL."
+echo -e "\t$ snap set $SNAP_NAME cas-validate-url='https://cas.example.com/cas/p3/serviceValidate'"
+echo -e "\n"
+echo -e "SAML Enabled. Default: false"
+echo -e "\t$ snap set $SNAP_NAME saml-enabled='true'"
+echo -e "\n"
+echo -e "SAML Provider. openam or openidp."
+echo -e "\t$ snap set $SNAP_NAME saml-provider='openam'"
+echo -e "\n"
+echo -e "SAML Entrypoint."
+echo -e "\t$ snap set $SNAP_NAME saml-entrypoint=''"
+echo -e "\n"
+echo -e "SAML Issuer."
+echo -e "\t$ snap set $SNAP_NAME saml-issuer=''"
+echo -e "\n"
+echo -e "SAML Cert."
+echo -e "\t$ snap set $SNAP_NAME saml-cert=''"
+echo -e "\n"
+echo -e "SAML IDPS LO Redirect URL."
+echo -e "\t$ snap set $SNAP_NAME saml-ispslo-redirecturl=''"
+echo -e "\n"
+echo -e "SAML Private Keyfile."
+echo -e "\t$ snap set $SNAP_NAME saml-private-keyfile=''"
+echo -e "\n"
+echo -e "SAML Public Certfile."
+echo -e "\t$ snap set $SNAP_NAME saml-public-certfile=''"
+echo -e "\n"
+echo -e "SAML Identifier Format."
+echo -e "\t$ snap set $SNAP_NAME saml-identifier-format=''"
+echo -e "\n"
+echo -e "SAML Local Profile Match Attribute."
+echo -e "\t$ snap set $SNAP_NAME saml-local-profile-match-attribute=''"
+echo -e "\n"
+echo -e "SAML Attributes."
+echo -e "\t$ snap set $SNAP_NAME saml-attributes=''"
+echo -e "\n"
 # parse config file for supported settings keys
 echo -e "wekan supports settings keys"
 echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"