Fix up leftovers from kradalby PR
This commit is contained in:
parent
e7424222db
commit
dbe193ad17
2 changed files with 18 additions and 10 deletions
24
README.md
24
README.md
|
@ -30,7 +30,7 @@ Headscale implements this coordination server.
|
||||||
- [x] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
|
- [x] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
|
||||||
- [x] DNS (passing DNS servers to nodes)
|
- [x] DNS (passing DNS servers to nodes)
|
||||||
- [x] Share nodes between ~~users~~ namespaces
|
- [x] Share nodes between ~~users~~ namespaces
|
||||||
- [x] SSO (via OIDC)
|
- [x] Single-Sign-On (via Open ID Connect)
|
||||||
- [x] MagicDNS (see `docs/`)
|
- [x] MagicDNS (see `docs/`)
|
||||||
|
|
||||||
## Client OS support
|
## Client OS support
|
||||||
|
@ -109,13 +109,14 @@ Suggestions/PRs welcomed!
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"oidc_issuer": "https://your-oidc.issuer.com/path",
|
"oidc": {
|
||||||
"oidc_client_id": "your-oidc-client-id",
|
"issuer": "https://your-oidc.issuer.com/path",
|
||||||
"oidc_client_secret": "your-oidc-client-secret"
|
"client_id": "your-oidc-client-id",
|
||||||
|
"client_secret": "your-oidc-client-secret",
|
||||||
|
"domain_map": {
|
||||||
|
".*": "default-namespace"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
```
|
|
||||||
|
|
||||||
If `oidc_issuer` is set, headscale will attempt to send your users to the OIDC server for authentication, otherwise it will give instructions on how to authorise clients via the CLI.
|
|
||||||
|
|
||||||
6. Run the server
|
6. Run the server
|
||||||
|
|
||||||
|
@ -237,9 +238,12 @@ The fields starting with `db_` are used for the PostgreSQL connection informatio
|
||||||
|
|
||||||
OpenID Connect settings:
|
OpenID Connect settings:
|
||||||
```
|
```
|
||||||
"oidc_issuer": "https://your-oidc.issuer.com/path",
|
oidc:
|
||||||
"oidc_client_id": "your-oidc-client-id",
|
issuer: "https://your-oidc.issuer.com/path"
|
||||||
"oidc_client_secret": "your-oidc-client-secret"
|
client_id: "your-oidc-client-id"
|
||||||
|
client_secret: "your-oidc-client-secret"
|
||||||
|
domain_map:
|
||||||
|
".*": default-namespace
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
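--- a/oidc.go
+++ b/oidc.go
@@ -212,6 +212,10 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
 c.String(http.StatusBadRequest, "email from claim could not be mapped to a namespace")
 }
 
+// getNamespaceFromEmail passes the users email through a list of "matchers"
+// and iterates through them until it matches and returns a namespace.
+// If no match is found, an empty string will be returned.
+// TODO(kradalby): golang Maps key order is not stable, so this list is _not_ deterministic. Find a way to make the list of keys stable, preferably in the order presented in a users configuration.
 func (h *Headscale) getNamespaceFromEmail(email string) (string, bool) {
 for match, namespace := range h.cfg.OIDC.MatchMap {
 regex := regexp.MustCompile(match)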
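Review bot: The new comment above `getNamespaceFromEmail` says an empty string is returned when nothing matches, but the signature on the next line returns `(string, bool)`, so the comment should also say what the bool reports (presumably whether any matcher applied; the remainder of the body is outside the hunk). The TODO about map order deserves a fix rather than a note: the README in this same commit documents `domain_map` with a catch-all `".*"` entry next to specific patterns, and with random iteration the same email can land in a different namespace on different logins, which is an authorization outcome rather than a cosmetic one; copying the keys into a slice and calling `sort.Strings` before the loop gives a stable order until configuration order can be preserved. On the context line `regexp.MustCompile(match)` compiles a config-supplied pattern on every call and panics if the pattern is malformed, apparently on the OIDC callback path; validating and compiling the map once at startup would remove both costs. The body of `getNamespaceFromEmail` continues past the end of the hunk.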