mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-26 08:53:05 +00:00
Fix up leftovers from kradalby PR
parent
e7424222db
commit
dbe193ad17
2 changed files with 18 additions and 10 deletions
24
README.md
|
@ -30,7 +30,7 @@ Headscale implements this coordination server.
|
|||
- [x] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
|
||||
- [x] DNS (passing DNS servers to nodes)
|
||||
- [x] Share nodes between ~~users~~ namespaces
|
||||
- [x] SSO (via OIDC)
|
||||
- [x] Single-Sign-On (via Open ID Connect)
|
||||
- [x] MagicDNS (see `docs/`)
|
||||
|
||||
## Client OS support
|
||||
|
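Review bot: The feature line `Single-Sign-On (via Open ID Connect)` splits the protocol name into "Open ID", while the configuration section further down in this same README is headed "OpenID Connect settings:". Suggest writing "OpenID Connect" here as well so both places agree and the term stays searchable.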
@ -109,13 +109,14 @@ Suggestions/PRs welcomed!
|
|||
|
||||
```json
|
||||
{
|
||||
"oidc_issuer": "https://your-oidc.issuer.com/path",
|
||||
"oidc_client_id": "your-oidc-client-id",
|
||||
"oidc_client_secret": "your-oidc-client-secret"
|
||||
"oidc": {
|
||||
"issuer": "https://your-oidc.issuer.com/path",
|
||||
"client_id": "your-oidc-client-id",
|
||||
"client_secret": "your-oidc-client-secret",
|
||||
"domain_map": {
|
||||
".*": "default-namespace"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
If `oidc_issuer` is set, headscale will attempt to send your users to the OIDC server for authentication, otherwise it will give instructions on how to authorise clients via the CLI.
|
||||
|
||||
6. Run the server
|
||||
|
||||
|
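Review bot: The sentence after the JSON example still reads "If `oidc_issuer` is set", but the example now places the value as `issuer` inside an `oidc` object, so the prose names a key that no longer appears in the example. Suggest rewording it to refer to the `issuer` key inside `oidc`. It is also worth checking the braces in the example: as shown there are three opening `{` and only two closing `}` before the closing fence.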
@ -237,9 +238,12 @@ The fields starting with `db_` are used for the PostgreSQL connection informatio
|
|||
|
||||
OpenID Connect settings:
|
||||
```
|
||||
"oidc_issuer": "https://your-oidc.issuer.com/path",
|
||||
"oidc_client_id": "your-oidc-client-id",
|
||||
"oidc_client_secret": "your-oidc-client-secret"
|
||||
oidc:
|
||||
issuer: "https://your-oidc.issuer.com/path"
|
||||
client_id: "your-oidc-client-id"
|
||||
client_secret: "your-oidc-client-secret"
|
||||
domain_map:
|
||||
".*": default-namespace
|
||||
```
|
||||
|
||||
|
||||
|
|
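Review bot: `domain_map` is introduced in the OpenID Connect settings block with no description, and the sample entry `".*": default-namespace` maps every email to a single namespace. Since oidc.go in this same commit compiles each key with `regexp.MustCompile` and runs the email from the claim through it, suggest adding a line here stating that the keys are regular expressions matched against the user's email, and that `.*` is a catch-all that should be narrowed when only some domains are meant to land in a namespace.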
4
oidc.go
|
@ -212,6 +212,10 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
|
|||
c.String(http.StatusBadRequest, "email from claim could not be mapped to a namespace")
|
||||
}
|
||||
|
||||
// getNamespaceFromEmail passes the users email through a list of "matchers"
|
||||
// and iterates through them until it matches and returns a namespace.
|
||||
// If no match is found, an empty string will be returned.
|
||||
// TODO(kradalby): golang Maps key order is not stable, so this list is _not_ deterministic. Find a way to make the list of keys stable, preferably in the order presented in a users configuration.
|
||||
func (h *Headscale) getNamespaceFromEmail(email string) (string, bool) {
|
||||
for match, namespace := range h.cfg.OIDC.MatchMap {
|
||||
regex := regexp.MustCompile(match)
|
||||
|
|
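Review bot: The TODO above `getNamespaceFromEmail` records that ranging over `h.cfg.OIDC.MatchMap` is not deterministic, which means two overlapping patterns (for example the `.*` catch-all from the README next to a more specific entry) can map the same email to different namespaces from one login to the next. Suggest holding the matchers in an ordered slice of pattern and namespace pairs, or at least documenting that patterns must not overlap until this is fixed. Two smaller points in the same lines: the comment mentions only the empty string, while the signature returns `(string, bool)`, so it should say what the bool means; and `regexp.MustCompile(match)` runs on a configuration-supplied pattern inside the loop, so an invalid pattern panics at login time. Compiling once at configuration load with `regexp.Compile` and returning the error would fail earlier and more cleanly.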