From 22026f0755fcd661e43505b84c600ffd9b3ce456 Mon Sep 17 00:00:00 2001
From: Ilija Matoski
Date: Sat, 7 May 2022 21:26:10 +0200
Subject: [PATCH] website/integration: add Weblate integration with SAML (#2786)
* added weblate integration
* added missing entry in sidebarIntegrations
---
 .../integrations/services/weblate/index.md | 90 +++++++++++++++++++
 website/sidebarsIntegrations.js | 1 +
 2 files changed, 91 insertions(+)
 create mode 100644 website/integrations/services/weblate/index.md
diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md
new file mode 100644
index 000000000..440f3a200
--- /dev/null
+++ b/website/integrations/services/weblate/index.md
@@ -0,0 +1,90 @@
+---
+title: Weblate
+---
+
+## What is Weblate
+
+From https://weblate.org/en/
+
+:::note
+Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries.
+:::
+
+
+## Preparation
+
+The following placeholders will be used:
+
+- `weblate.company` is the FQDN of the Weblate install.
+- `authentik.company` is the FQDN of the authentik install.
+- `weblate-slug` is the slug of the Weblate application
+
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+
+- ACS URL: `https://weblate.company/accounts/complete/saml/`
+- Audience: `https://weblate.company/accounts/metadata/saml/`
+- Service Provider Binding: Post
+- Issuer: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
+
+You can of course use a custom signing certificate, and adjust durations.
+
+## Property mappings
+
+We need to create some property mappings so our application will work. After you create the property mappings, assign them to the provider.
+
+### Full name
+* Name: `Weblate - Full name`
+* SAML Attribute Name: `urn:oid:2.5.4.3`
+* Expression
+```python
+return request.user.name
+```
+
+### OID_USERID
+* Name: `Weblate - OID_USERID`
+* SAML Attribute Name: `urn:oid:0.9.2342.19200300.100.1.1`
+* Expression
+```python
+return request.user.username
+```
+
+### Username
+* Name: `Weblate - Username`
+* SAML Attribute Name: `username`
+* Expression
+```python
+return request.user.username
+```
+
+### Email
+* Name: `Weblate - Email`
+* SAML Attribute Name: `email`
+* Expression
+```python
+return request.user.email
+```
+
+## Weblate configuration
+
+The variables bellow need to be set, depending on if you deploy in a container or not you can take a look at the following links
+
+* https://docs.weblate.org/en/latest/admin/config.html#config
+* https://docs.weblate.org/en/latest/admin/install/docker.html#docker-environment
+
+Variables to set
+
+* ENABLE_HTTPS: `1`
+* SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
+* SAML_IDP_URL: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
+* SAML_IDP_X509CERT: `MIIFDjCCAvagAwIBAgIRAJV8hH0wGkhGvbhhDKppWIYwDQYJKoZIhvcNAQELBQAw....F9lT9hHwHhsnA=`
+
+The `SAML_IDP_X509CERT` is the certificate in the SAML Metadata `X509Certificate` key.
+
+Should you wish to only allow registration and login through Authentik, you should set the following variables as well.
+
+* REGISTRATION_OPEN: `0`
+* REGISTRATION_ALLOW_BACKENDS: `saml`
+* REQUIRE_LOGIN: `1`
+* NO_EMAIL_AUTH: `1`
+
+Should you wish to deploy this in a container prefix all the variables with `WEBLATE_` and set them as enviornment variables
diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js
index 0654c4746..3534a3e7c 100644
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@@ -45,6 +45,7 @@ module.exports = {
 "services/veeam-enterprise-manager/index",
 "services/vikunja/index",
 "services/vmware-vcenter/index",
+ "services/weblate/index",
 "services/wekan/index",
 "services/wiki-js/index",
 "services/wordpress/index",