mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-13 10:21:10 +01:00
7794b744f8
Enhance the user experience by enabling authentication to Netbird using Single Sign-On (SSO) with any Identity Provider (IDP) provider. Current client offers this capability through the Device Authorization Flow, however, is not widely supported by many IDPs, and even some that do support it do not provide a complete verification URL. To address these challenges, this pull request enable Authorization Code Flow with Proof Key for Code Exchange (PKCE) for client logins, which is a more widely adopted and secure approach to facilitate SSO with various IDP providers.
89 lines
3.2 KiB
Bash
89 lines
3.2 KiB
Bash
## Most settings are being done automatically with the sourced variables from setup.env, but you can edit if you need some customization
|
|
|
|
# Management API
|
|
|
|
# Management API port
|
|
NETBIRD_MGMT_API_PORT=${NETBIRD_MGMT_API_PORT:-33073}
|
|
# Management API endpoint address, used by the Dashboard
|
|
NETBIRD_MGMT_API_ENDPOINT=https://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
|
|
# Management Certficate file path. These are generated by the Dashboard container
|
|
NETBIRD_LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
|
|
NETBIRD_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAIN/fullchain.pem"
|
|
# Management Certficate key file path.
|
|
NETBIRD_MGMT_API_CERT_KEY_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAIN/privkey.pem"
|
|
# By default Management single account mode is enabled and domain set to $NETBIRD_DOMAIN, you may want to set this to your user's email domain
|
|
NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN=$NETBIRD_DOMAIN
|
|
NETBIRD_MGMT_DNS_DOMAIN=${NETBIRD_MGMT_DNS_DOMAIN:-netbird.selfhosted}
|
|
|
|
# Signal
|
|
NETBIRD_SIGNAL_PROTOCOL="http"
|
|
NETBIRD_SIGNAL_PORT=${NETBIRD_SIGNAL_PORT:-10000}
|
|
|
|
# Turn credentials
|
|
# User
|
|
TURN_USER=self
|
|
# Password. If empty, the configure.sh will generate one with openssl
|
|
TURN_PASSWORD=
|
|
# Min port
|
|
TURN_MIN_PORT=${TURN_MIN_PORT:-49152}
|
|
# Max port
|
|
TURN_MAX_PORT=${TURN_MAX_PORT:-65535}
|
|
|
|
VOLUME_PREFIX="netbird-"
|
|
MGMT_VOLUMESUFFIX="mgmt"
|
|
SIGNAL_VOLUMESUFFIX="signal"
|
|
LETSENCRYPT_VOLUMESUFFIX="letsencrypt"
|
|
|
|
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
|
|
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=${NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE:-$NETBIRD_AUTH_AUDIENCE}
|
|
NETBIRD_AUTH_DEVICE_AUTH_SCOPE=${NETBIRD_AUTH_DEVICE_AUTH_SCOPE:-openid}
|
|
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=${NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN:-false}
|
|
|
|
|
|
NETBIRD_DISABLE_ANONYMOUS_METRICS=${NETBIRD_DISABLE_ANONYMOUS_METRICS:-false}
|
|
NETBIRD_TOKEN_SOURCE=${NETBIRD_TOKEN_SOURCE:-accessToken}
|
|
|
|
# PKCE authorization flow
|
|
NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS=${NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS:-"53000"}
|
|
NETBIRD_AUTH_PKCE_USE_ID_TOKEN=${NETBIRD_AUTH_PKCE_USE_ID_TOKEN:-false}
|
|
|
|
# exports
|
|
export NETBIRD_DOMAIN
|
|
export NETBIRD_AUTH_CLIENT_ID
|
|
export NETBIRD_AUTH_CLIENT_SECRET
|
|
export NETBIRD_AUTH_AUDIENCE
|
|
export NETBIRD_AUTH_AUTHORITY
|
|
export NETBIRD_USE_AUTH0
|
|
export NETBIRD_AUTH_SUPPORTED_SCOPES
|
|
export NETBIRD_AUTH_JWT_CERTS
|
|
export NETBIRD_LETSENCRYPT_EMAIL
|
|
export NETBIRD_MGMT_API_PORT
|
|
export NETBIRD_MGMT_API_ENDPOINT
|
|
export NETBIRD_LETSENCRYPT_DOMAIN
|
|
export NETBIRD_MGMT_API_CERT_FILE
|
|
export NETBIRD_MGMT_API_CERT_KEY_FILE
|
|
export NETBIRD_AUTH_DEVICE_AUTH_PROVIDER
|
|
export NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID
|
|
export NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT
|
|
export NETBIRD_AUTH_REDIRECT_URI
|
|
export NETBIRD_AUTH_SILENT_REDIRECT_URI
|
|
export TURN_USER
|
|
export TURN_PASSWORD
|
|
export TURN_MIN_PORT
|
|
export TURN_MAX_PORT
|
|
export VOLUME_PREFIX
|
|
export MGMT_VOLUMESUFFIX
|
|
export SIGNAL_VOLUMESUFFIX
|
|
export LETSENCRYPT_VOLUMESUFFIX
|
|
export NETBIRD_DISABLE_ANONYMOUS_METRICS
|
|
export NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN
|
|
export NETBIRD_MGMT_DNS_DOMAIN
|
|
export NETBIRD_SIGNAL_PROTOCOL
|
|
export NETBIRD_SIGNAL_PORT
|
|
export NETBIRD_AUTH_USER_ID_CLAIM
|
|
export NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
|
|
export NETBIRD_TOKEN_SOURCE
|
|
export NETBIRD_AUTH_DEVICE_AUTH_SCOPE
|
|
export NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN
|
|
export NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
|
|
export NETBIRD_AUTH_PKCE_USE_ID_TOKEN |