2018-08-18 11:41:59 +00:00
|
|
|
|
{% extends "base.html" %}
|
|
|
|
|
|
{% set active_page = "admin_settings" %}
|
2023-02-20 15:35:15 +00:00
|
|
|
|
{% block title %}<title>Authentication Settings - {{ SITE_NAME }}</title>{% endblock %}
|
2023-02-13 04:38:54 +00:00
|
|
|
|
|
2023-02-18 16:04:14 +00:00
|
|
|
|
{% block dashboard_stat %}
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<div class="content-header">
|
|
|
|
|
|
<div class="container-fluid">
|
|
|
|
|
|
<div class="row mb-2">
|
|
|
|
|
|
<div class="col-sm-6">
|
|
|
|
|
|
<h1 class="m-0 text-dark">Authentication Settings</h1>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="col-sm-6">
|
|
|
|
|
|
<ol class="breadcrumb float-sm-right">
|
|
|
|
|
|
<li class="breadcrumb-item"><a href="{{ url_for('dashboard.dashboard') }}">Home</a></li>
|
2023-04-10 11:39:21 +00:00
|
|
|
|
<li class="breadcrumb-item">Settings</li>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<li class="breadcrumb-item active">Authentication Settings</li>
|
|
|
|
|
|
</ol>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
2023-02-18 16:04:14 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
2018-08-18 11:41:59 +00:00
|
|
|
|
{% endblock %}
|
2023-02-18 16:04:14 +00:00
|
|
|
|
|
2018-08-18 11:41:59 +00:00
|
|
|
|
{% block content %}
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<section class="content">
|
|
|
|
|
|
<div class="container-fluid">
|
|
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<form id="settings-editor">
|
|
|
|
|
|
<div class="card card-outline card-primary shadow">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Editor</h3>
|
2023-04-10 11:39:21 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<div class="overlay-wrapper" data-bind="visible: loading() || saving()">
|
|
|
|
|
|
<div class="overlay">
|
|
|
|
|
|
<i class="fas fa-3x fa-sync-alt fa-spin"></i>
|
|
|
|
|
|
<div class="text-bold pt-2 pl-2"
|
|
|
|
|
|
data-bind="text: (loading() ? 'Loading' : 'Saving') + ' settings...'"></div>
|
|
|
|
|
|
</div>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 23:52:18 +00:00
|
|
|
|
<!-- /.overlay-wrapper -->
|
|
|
|
|
|
<div class="alert alert-dismissible alert-success" style="display: none;"
|
|
|
|
|
|
data-bind="visible: saved">
|
|
|
|
|
|
<button type="button" class="close" aria-hidden="true"
|
|
|
|
|
|
data-bind="click: saved(false)">×
|
|
|
|
|
|
</button>
|
|
|
|
|
|
<h5><i class="icon fas fa-check"></i> Saved!</h5>
|
|
|
|
|
|
These settings have been saved to the database.
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="alert alert-dismissible alert-danger" style="display: none;"
|
|
|
|
|
|
data-bind="visible: save_failed">
|
|
|
|
|
|
<button type="button" class="close" aria-hidden="true"
|
|
|
|
|
|
data-bind="click: save_failed(false)">×
|
|
|
|
|
|
</button>
|
|
|
|
|
|
<h5><i class="icon fas fa-ban"></i> Error!</h5>
|
|
|
|
|
|
These settings could <strong>not</strong> be saved to the database!
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="alert alert-dismissible" style="display: none;"
|
|
|
|
|
|
data-bind="visible: messages().length, class: 'alert alert-dismissible alert-' + messages_class()">
|
|
|
|
|
|
<button type="button" class="close" aria-hidden="true"
|
|
|
|
|
|
data-bind="click: messages([])">×
|
|
|
|
|
|
</button>
|
|
|
|
|
|
<h5><i class="icon fas fa-info"></i> Additional Information</h5>
|
|
|
|
|
|
<ul data-bind="foreach: messages">
|
|
|
|
|
|
<li data-bind="text: $data"></li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="nav-tabs-custom">
|
|
|
|
|
|
<ul class="nav nav-tabs" role="tablist">
|
|
|
|
|
|
<li class="nav-item">
|
|
|
|
|
|
<a data-tab="local"
|
|
|
|
|
|
data-bind="click: onTabClick, class: 'nav-link' + (tab_active() == 'local' ? ' active' : '')"
|
|
|
|
|
|
href="#" data-toggle="pill" role="tab">Local</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li class="nav-item">
|
|
|
|
|
|
<a data-tab="ldap"
|
|
|
|
|
|
data-bind="click: onTabClick, class: 'nav-link' + (tab_active() == 'ldap' ? ' active' : '')"
|
|
|
|
|
|
href="#" data-toggle="pill" role="tab">LDAP</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li class="nav-item">
|
|
|
|
|
|
<a data-tab="google"
|
|
|
|
|
|
data-bind="click: onTabClick, class: 'nav-link' + (tab_active() == 'google' ? ' active' : '')"
|
|
|
|
|
|
href="#" data-toggle="pill" role="tab">Google
|
|
|
|
|
|
OAuth</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li class="nav-item">
|
|
|
|
|
|
<a data-tab="github"
|
|
|
|
|
|
data-bind="click: onTabClick, class: 'nav-link' + (tab_active() == 'github' ? ' active' : '')"
|
|
|
|
|
|
href="#" data-toggle="pill" role="tab">GitHub
|
|
|
|
|
|
OAuth</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li class="nav-item">
|
|
|
|
|
|
<a data-tab="azure"
|
|
|
|
|
|
data-bind="click: onTabClick, class: 'nav-link' + (tab_active() == 'azure' ? ' active' : '')"
|
|
|
|
|
|
href="#" data-toggle="pill" role="tab">Azure
|
|
|
|
|
|
OAuth</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li class="nav-item">
|
|
|
|
|
|
<a data-tab="oidc"
|
|
|
|
|
|
data-bind="click: onTabClick, class: 'nav-link' + (tab_active() == 'oidc' ? ' active' : '')"
|
|
|
|
|
|
href="#" data-toggle="pill" role="tab">OpenID
|
|
|
|
|
|
Connect OAuth</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
<div class="tab-content">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
|
2023-04-10 23:52:18 +00:00
|
|
|
|
<div data-tab="local"
|
|
|
|
|
|
data-bind="class: 'tab-pane' + (tab_active() == 'local' ? ' active' : '')">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-4">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
2023-04-09 14:11:00 +00:00
|
|
|
|
<h3 class="card-title">Local Authentication Settings</h3>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-header -->
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="local_db_enabled"
|
|
|
|
|
|
name="local_db_enabled"
|
|
|
|
|
|
class="checkbox"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="checked: local_db_enabled">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="local_db_enabled">Local DB
|
|
|
|
|
|
Authentication</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="signup_enabled"
|
|
|
|
|
|
name="signup_enabled"
|
|
|
|
|
|
class="checkbox"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled, checked: signup_enabled">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="signup_enabled">Allow users to sign
|
|
|
|
|
|
up</label>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<fieldset>
|
|
|
|
|
|
<legend>Password Requirements</legend>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="pwd_enforce_characters"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_enforce_characters"
|
|
|
|
|
|
class="checkbox"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled, checked: pwd_enforce_characters">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<label for="pwd_enforce_characters">
|
|
|
|
|
|
Enforce Character Requirements
|
|
|
|
|
|
</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="pwd_min_len">Minimum Password
|
|
|
|
|
|
Length</label>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<input type="text" class="form-control"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_min_len" id="pwd_min_len"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled() && pwd_enforce_characters(), value: pwd_min_len, valueUpdate: 'afterkeydown'">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="pwd_min_lowercase">Minimum Lowercase
|
|
|
|
|
|
Characters</label>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<input type="text" class="form-control"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_min_lowercase"
|
|
|
|
|
|
id="pwd_min_lowercase"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled() && pwd_enforce_characters(), value: pwd_min_lowercase, valueUpdate: 'afterkeydown'">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="pwd_min_uppercase">Minimum Uppercase
|
|
|
|
|
|
Characters</label>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<input type="text" class="form-control"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_min_uppercase"
|
|
|
|
|
|
id="pwd_min_uppercase"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled() && pwd_enforce_characters(), value: pwd_min_uppercase, valueUpdate: 'afterkeydown'">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="pwd_min_digits">Minimum Digit
|
|
|
|
|
|
Characters</label>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<input type="text" class="form-control"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_min_digits" id="pwd_min_digits"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled() && pwd_enforce_characters(), value: pwd_min_digits, valueUpdate: 'afterkeydown'">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="pwd_min_special">Minimum Special
|
|
|
|
|
|
Characters</label>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<input type="text" class="form-control"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_min_special" id="pwd_min_special"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled() && pwd_enforce_characters(), value: pwd_min_special, valueUpdate: 'afterkeydown'">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="pwd_enforce_complexity"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_enforce_complexity"
|
|
|
|
|
|
class="checkbox"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled, checked: pwd_enforce_complexity">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<label for="pwd_enforce_complexity">
|
|
|
|
|
|
Enforce Complexity Requirement
|
|
|
|
|
|
</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<label for="pwd_min_complexity">Minimum Complexity
|
|
|
|
|
|
(zxcvbn)</label>
|
2023-03-17 03:42:45 +00:00
|
|
|
|
<input type="text" class="form-control"
|
2023-03-17 19:50:08 +00:00
|
|
|
|
name="pwd_min_complexity"
|
|
|
|
|
|
id="pwd_min_complexity"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: local_db_enabled() && pwd_enforce_complexity(), value: pwd_min_complexity, valueUpdate: 'afterkeydown'">
|
2023-03-17 03:42:45 +00:00
|
|
|
|
</div>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
</fieldset>
|
|
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-body -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card -->
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.col -->
|
2023-02-20 16:39:52 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="col-12 col-sm-6 col-lg-8">
|
|
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Help</h3>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<dl class="dl-horizontal">
|
|
|
|
|
|
<dt>Local DB Authentication</dt>
|
|
|
|
|
|
<dd>Enable/disable local database authentication.</dd>
|
|
|
|
|
|
<dt>Allow Users to Signup</dt>
|
|
|
|
|
|
<dd>Allow users to signup. This requires local database
|
|
|
|
|
|
authentication
|
|
|
|
|
|
to be enabled.
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<h4>Password Requirements</h4>
|
|
|
|
|
|
<dd>This section allows you to customize your local DB
|
|
|
|
|
|
password
|
|
|
|
|
|
requirements
|
|
|
|
|
|
and ensure that when users change their password or
|
|
|
|
|
|
signup
|
|
|
|
|
|
they are
|
|
|
|
|
|
picking strong passwords.
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dd>Setting any entry field to a blank value will revert
|
|
|
|
|
|
it
|
|
|
|
|
|
back
|
|
|
|
|
|
to default.
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dt>Enforce Character Requirements</dt>
|
|
|
|
|
|
<dd>This option will enforce the character type
|
|
|
|
|
|
requirements
|
|
|
|
|
|
for
|
|
|
|
|
|
passwords.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>Minimum Lowercase Characters - Minimum
|
|
|
|
|
|
number of
|
|
|
|
|
|
lowercase
|
|
|
|
|
|
characters required to appear in the
|
|
|
|
|
|
password.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Minimum Uppercase Characters - Minimum
|
|
|
|
|
|
number of
|
|
|
|
|
|
uppercase
|
|
|
|
|
|
characters required to appear in the
|
|
|
|
|
|
password.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Minimum Digit Characters - Minimum number of
|
|
|
|
|
|
digits
|
|
|
|
|
|
required to appear in the password. Digits
|
|
|
|
|
|
include
|
|
|
|
|
|
1234567890.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Minimum Special Characters - Minimum number
|
|
|
|
|
|
of
|
|
|
|
|
|
special
|
|
|
|
|
|
characters required to appear in the
|
|
|
|
|
|
password.
|
|
|
|
|
|
Special
|
|
|
|
|
|
characters include
|
|
|
|
|
|
`!@#$%^&*()_-=+[]\{}|;:",.></?.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dt>Enforce Complexity Requirement</dt>
|
|
|
|
|
|
<dd>Enable the enforcement of complex passwords. We
|
|
|
|
|
|
currently use
|
|
|
|
|
|
<a href="https://github.com/dropbox/zxcvbn">zxcvbn</a>
|
|
|
|
|
|
for
|
|
|
|
|
|
determining this.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>Minimum Complexity - The default value of
|
|
|
|
|
|
the
|
|
|
|
|
|
log factor
|
|
|
|
|
|
is 11 as it is considered secure. More
|
|
|
|
|
|
information about
|
|
|
|
|
|
this can be found at
|
|
|
|
|
|
<a href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_wheeler.pdf">here</a>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
</dl>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-body -->
|
2018-09-12 15:28:05 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.col -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.row -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.tab-pane -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
|
2023-04-10 23:52:18 +00:00
|
|
|
|
<div data-tab="ldap"
|
|
|
|
|
|
data-bind="class: 'tab-pane' + (tab_active() == 'ldap' ? ' active' : '')">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-4">
|
|
|
|
|
|
{% if error %}
|
|
|
|
|
|
<div class="alert alert-danger alert-dismissible">
|
|
|
|
|
|
<button type="button" class="close" data-dismiss="alert"
|
|
|
|
|
|
aria-hidden="true">×
|
|
|
|
|
|
</button>
|
|
|
|
|
|
<h4><i class="icon fa fa-ban"></i> Error!</h4>
|
|
|
|
|
|
{{ error }}
|
|
|
|
|
|
</div>
|
|
|
|
|
|
{% endif %}
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
2023-04-09 14:11:00 +00:00
|
|
|
|
<h3 class="card-title">LDAP Authentication Settings</h3>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-header -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<fieldset>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="ldap_enabled"
|
|
|
|
|
|
name="ldap_enabled"
|
|
|
|
|
|
class="checkbox"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="checked: ldap_enabled">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<label for="ldap_enabled">Enable LDAP
|
|
|
|
|
|
Authentication</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label>Type</label>
|
|
|
|
|
|
<div class="radio">
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="ldap_type"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
id="ldap_type_openldap"
|
2023-02-20 15:35:15 +00:00
|
|
|
|
value="ldap"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled, checked: ldap_type">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
OpenLDAP
|
|
|
|
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<label>
|
2023-04-09 14:11:00 +00:00
|
|
|
|
<input type="radio" name="ldap_type"
|
|
|
|
|
|
id="ldap_type_ad"
|
2023-02-20 15:35:15 +00:00
|
|
|
|
value="ad"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled, checked: ldap_type">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
Active Directory
|
|
|
|
|
|
</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
|
|
|
|
|
<fieldset>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<legend>Administrator Info</legend>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_uri">LDAP URI</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_uri"
|
|
|
|
|
|
id="ldap_uri"
|
|
|
|
|
|
placeholder="e.g. ldaps://your-ldap-server:636"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled, value: ldap_uri, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_base_dn">LDAP Base DN</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_base_dn"
|
|
|
|
|
|
id="ldap_base_dn"
|
|
|
|
|
|
placeholder="e.g. dc=mydomain,dc=com"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled, value: ldap_base_dn, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: ldap_type() == 'ldap'">
|
|
|
|
|
|
<label for="ldap_admin_username">LDAP admin
|
|
|
|
|
|
username</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_admin_username"
|
|
|
|
|
|
id="ldap_admin_username"
|
|
|
|
|
|
placeholder="e.g. cn=admin,dc=mydomain,dc=com"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_type() == 'ldap', value: ldap_admin_username, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: ldap_type() == 'ldap'">
|
|
|
|
|
|
<label for="ldap_admin_password">LDAP admin
|
|
|
|
|
|
password</label>
|
|
|
|
|
|
<input type="password" class="form-control"
|
|
|
|
|
|
name="ldap_admin_password"
|
|
|
|
|
|
id="ldap_admin_password"
|
|
|
|
|
|
placeholder="LDAP Admin password"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_type() == 'ldap', value: ldap_admin_password, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: ldap_type() == 'ad'">
|
|
|
|
|
|
<label for="ldap_domain">Active Directory
|
|
|
|
|
|
domain</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_domain" id="ldap_domain"
|
|
|
|
|
|
placeholder="Active Directory domain"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_type() == 'ad', value: ldap_domain, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
|
|
|
|
|
<fieldset>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<legend>Filters</legend>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_filter_basic">Basic filter</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_filter_basic"
|
|
|
|
|
|
id="ldap_filter_basic"
|
|
|
|
|
|
placeholder="e.g. (objectClass=inetorgperson)"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled, value: ldap_filter_basic, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_filter_username">Username
|
|
|
|
|
|
field</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_filter_username"
|
|
|
|
|
|
id="ldap_filter_username"
|
|
|
|
|
|
placeholder="e.g. uid"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled, value: ldap_filter_username, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: ldap_enabled() && ldap_type() == 'ldap'">
|
|
|
|
|
|
<label for="ldap_filter_group">Group
|
|
|
|
|
|
filter</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_filter_group"
|
|
|
|
|
|
id="ldap_filter_group"
|
|
|
|
|
|
placeholder="e.g. (objectclass=groupOfNames)"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_type() == 'ldap', value: ldap_filter_group, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: ldap_enabled() && ldap_type() == 'ldap'">
|
|
|
|
|
|
<label for="ldap_filter_groupname">Group name
|
|
|
|
|
|
field</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_filter_groupname"
|
|
|
|
|
|
id="ldap_filter_groupname"
|
|
|
|
|
|
placeholder="e.g. member"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_type() == 'ldap', value: ldap_filter_groupname, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
|
|
|
|
|
<fieldset>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<legend>Group Security</legend>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label>Status</label>
|
|
|
|
|
|
<div class="radio">
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="ldap_sg_enabled"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
id="ldap_sg_off" value="false"
|
|
|
|
|
|
data-bind="enable: ldap_enabled, checked: ldap_sg_enabled, checkedValue: false">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
OFF
|
|
|
|
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="ldap_sg_enabled"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
id="ldap_sg_on" value="true"
|
|
|
|
|
|
data-bind="enable: ldap_enabled, checked: ldap_sg_enabled, checkedValue: true">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
ON
|
|
|
|
|
|
</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_admin_group">Admin group</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_admin_group" id="ldap_admin_group"
|
|
|
|
|
|
placeholder="e.g. cn=sysops,dc=mydomain,dc=com"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_sg_enabled(), value: ldap_admin_group, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_operator_group">Operator
|
|
|
|
|
|
group</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_operator_group"
|
|
|
|
|
|
id="ldap_operator_group"
|
|
|
|
|
|
placeholder="e.g. cn=operators,dc=mydomain,dc=com"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_sg_enabled(), value: ldap_operator_group, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="ldap_user_group">User group</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="ldap_user_group" id="ldap_user_group"
|
|
|
|
|
|
placeholder="e.g. cn=users,dc=mydomain,dc=com"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled() && ldap_sg_enabled(), value: ldap_user_group, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
|
|
|
|
|
<fieldset>
|
|
|
|
|
|
<legend>ADVANCE</legend>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label>Roles Autoprovisioning</label>
|
|
|
|
|
|
<div class="radio">
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="autoprovisioning"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
id="autoprovisioning_off" value="false"
|
|
|
|
|
|
data-bind="enable: ldap_enabled, checked: autoprovisioning, checkedValue: false">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
OFF
|
|
|
|
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="autoprovisioning"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
id="autoprovisioning_on" value="true"
|
|
|
|
|
|
data-bind="enable: ldap_enabled, checked: autoprovisioning, checkedValue: true">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
ON
|
2023-04-09 14:11:00 +00:00
|
|
|
|
</label>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="autoprovisioning_attribute">Roles
|
|
|
|
|
|
provisioning
|
|
|
|
|
|
field</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="autoprovisioning_attribute"
|
|
|
|
|
|
id="autoprovisioning_attribute"
|
|
|
|
|
|
placeholder="e.g. eduPersonEntitlement"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled() && autoprovisioning(), value: autoprovisioning_attribute, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<div
|
|
|
|
|
|
class="form-group {% if error %}has-error{% endif %}">
|
|
|
|
|
|
<label for="urn_value">Urn prefix</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="urn_value"
|
|
|
|
|
|
id="urn_value"
|
|
|
|
|
|
placeholder="e.g. urn:mace:<yourOrganization>"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: ldap_enabled() && autoprovisioning(), value: urn_value, valueUpdate: 'afterkeydown'">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
{% if error %}
|
|
|
|
|
|
<span class="help-block with-errors">Please input the correct prefix for your urn value</span>
|
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label>Purge Roles If Empty</label>
|
|
|
|
|
|
<div class="radio">
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="purge"
|
|
|
|
|
|
id="purge_off"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
value="false"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && autoprovisioning(), checked: purge, checkedValue: false">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
OFF
|
|
|
|
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="purge"
|
|
|
|
|
|
id="purge_on"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
value="true"
|
|
|
|
|
|
data-bind="enable: ldap_enabled() && autoprovisioning(), checked: purge, checkedValue: true">
|
2023-02-20 15:35:15 +00:00
|
|
|
|
ON
|
2023-04-10 16:49:12 +00:00
|
|
|
|
</label>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="callout callout-warning"
|
|
|
|
|
|
data-bind="visible: purge() === 1">
|
|
|
|
|
|
<h5>Notice!</h5>
|
|
|
|
|
|
<p>Users will lose their associated zones unless
|
|
|
|
|
|
they already have their auto-provisioning field
|
|
|
|
|
|
prepopulated.</p>
|
|
|
|
|
|
</div>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</fieldset>
|
|
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-body -->
|
2020-01-08 22:23:40 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card -->
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.col -->
|
2023-02-20 16:39:52 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="col-12 col-sm-6 col-lg-8">
|
|
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Help</h3>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<dl class="dl-horizontal">
|
|
|
|
|
|
<dt>Enable LDAP Authentication</dt>
|
|
|
|
|
|
<dd>Turn on / off the LDAP authentication.</dd>
|
|
|
|
|
|
<dt>Type</dt>
|
|
|
|
|
|
<dd>Select your current directory service type.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
OpenLDAP - Open source implementation of the
|
|
|
|
|
|
Lightweight
|
|
|
|
|
|
Directory Access Protocol.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Active Directory - Active Directory is a
|
|
|
|
|
|
directory
|
|
|
|
|
|
service that Microsoft developed for the
|
|
|
|
|
|
Windows
|
|
|
|
|
|
domain
|
|
|
|
|
|
networks.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dt>ADMINISTRATOR INFO</dt>
|
|
|
|
|
|
<dd>Your LDAP connection string and admin credential
|
|
|
|
|
|
used by
|
|
|
|
|
|
PDA to
|
|
|
|
|
|
query user information.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
LDAP URI - The fully qualified domain names
|
|
|
|
|
|
of
|
|
|
|
|
|
your
|
|
|
|
|
|
directory servers. (e.g.
|
|
|
|
|
|
ldap://127.0.0.1:389)
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
LDAP Base DN - The point from where a PDA
|
|
|
|
|
|
will
|
|
|
|
|
|
search
|
|
|
|
|
|
for users.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
LDAP admin username - Your LDAP
|
|
|
|
|
|
administrator
|
|
|
|
|
|
user which
|
|
|
|
|
|
has permission to query information in the
|
|
|
|
|
|
Base
|
|
|
|
|
|
DN
|
|
|
|
|
|
above. Not needed for Active Directory
|
|
|
|
|
|
authentication.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
LDAP admin password - The password of LDAP
|
|
|
|
|
|
administrator
|
|
|
|
|
|
user. Not needed for Active Directory
|
|
|
|
|
|
authentication.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Active Directory domain - Active Directory
|
|
|
|
|
|
domain used.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dt>FILTERS</dt>
|
|
|
|
|
|
<dd>Define how you want to filter your user in LDAP
|
|
|
|
|
|
query.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Basic filter - The filter that will be
|
|
|
|
|
|
applied
|
|
|
|
|
|
to all
|
|
|
|
|
|
LDAP query by PDA. (e.g.
|
|
|
|
|
|
<i>(objectClass=inetorgperson)</i> for
|
|
|
|
|
|
OpenLDAP
|
|
|
|
|
|
and
|
|
|
|
|
|
<i>(objectClass=organizationalPerson)</i>
|
|
|
|
|
|
for Active Directory)
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Username field - The field PDA will look for
|
|
|
|
|
|
user's
|
|
|
|
|
|
username. (e.g. <i>uid</i> for OpenLDAP and
|
|
|
|
|
|
<i>sAMAccountName</i>
|
|
|
|
|
|
for Active Directory)
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Group filter - The filter that will be
|
|
|
|
|
|
applied
|
|
|
|
|
|
to all
|
|
|
|
|
|
LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i>
|
|
|
|
|
|
for OpenLDAP)
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Group name field - The field PDA will look
|
|
|
|
|
|
for
|
|
|
|
|
|
group
|
|
|
|
|
|
names. (e.g. <i>member</i> for OpenLDAP)
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dt>GROUP SECURITY</dt>
|
|
|
|
|
|
<dd>User can be assigned to PDA's User or Admin group by
|
|
|
|
|
|
matching
|
|
|
|
|
|
following LDAP Group.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Status - Turn on / off group security
|
|
|
|
|
|
feature.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Admin group - Your LDAP admin group.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Operator group - Your LDAP operator group.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
User group - Your LDAP user group.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
<dt>ADVANCE</dt>
|
|
|
|
|
|
<dd> Provision PDA user privileges based on LDAP Object
|
|
|
|
|
|
Attributes.
|
|
|
|
|
|
Alternative to Group Security Role Management.
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Roles Autoprovisioning - If toggled on, the
|
|
|
|
|
|
PDA
|
|
|
|
|
|
Role and
|
|
|
|
|
|
the associations of users found in the local
|
|
|
|
|
|
db,
|
|
|
|
|
|
will be
|
|
|
|
|
|
instantly updated from the LDAP server every
|
|
|
|
|
|
time they
|
|
|
|
|
|
log in.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Roles provisioning field - The attribute in
|
|
|
|
|
|
the
|
|
|
|
|
|
ldap
|
|
|
|
|
|
server populated by the urn values where PDA
|
|
|
|
|
|
will look
|
|
|
|
|
|
for a new Role and/or new associations to
|
|
|
|
|
|
domains/accounts.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Urn prefix - The prefix used before the
|
|
|
|
|
|
static
|
|
|
|
|
|
keyword
|
|
|
|
|
|
"powerdns-admin" for your entitlements in
|
|
|
|
|
|
the
|
|
|
|
|
|
ldap
|
|
|
|
|
|
server. Must comply with RFC no.8141.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
Purge Roles If Empty - If toggled on, ldap
|
|
|
|
|
|
entries that
|
|
|
|
|
|
have no valid "powerdns-admin" records to
|
|
|
|
|
|
their
|
|
|
|
|
|
autoprovisioning field, will lose all their
|
|
|
|
|
|
associations
|
|
|
|
|
|
with any zone or account, also reverting to
|
|
|
|
|
|
a
|
|
|
|
|
|
User in
|
|
|
|
|
|
the process, despite their current role in
|
|
|
|
|
|
the
|
|
|
|
|
|
local db.<br>
|
|
|
|
|
|
If toggled off, in the same scenario they
|
|
|
|
|
|
get to
|
|
|
|
|
|
keep
|
|
|
|
|
|
their existing associations and their
|
|
|
|
|
|
current
|
|
|
|
|
|
Role.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</dd>
|
|
|
|
|
|
</dl>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-body -->
|
2023-02-20 15:42:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
2023-02-20 15:42:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.col -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.row -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.tab-pane -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
|
2023-04-10 21:28:54 +00:00
|
|
|
|
<div data-tab="google"
|
2023-04-10 23:52:18 +00:00
|
|
|
|
data-bind="class: 'tab-pane' + (tab_active() == 'google' ? ' active' : '')">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-4">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Google OAuth Settings</h3>
|
|
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-header -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card-body">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="google_oauth_enabled"
|
|
|
|
|
|
name="google_oauth_enabled" class="checkbox"
|
|
|
|
|
|
data-bind="checked: google_oauth_enabled">
|
|
|
|
|
|
<label for="google_oauth_enabled">Enable Google
|
|
|
|
|
|
OAuth</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="google_oauth_client_id">Client
|
|
|
|
|
|
ID</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_oauth_client_id"
|
|
|
|
|
|
id="google_oauth_client_id"
|
|
|
|
|
|
placeholder="Google OAuth Client ID"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled, value: google_oauth_client_id, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="google_oauth_client_secret">Client
|
|
|
|
|
|
Secret</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_oauth_client_secret"
|
|
|
|
|
|
id="google_oauth_client_secret"
|
|
|
|
|
|
placeholder="Google OAuth Client Secret"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled, value: google_oauth_client_secret, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="google_oauth_scope">Scope</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_oauth_scope"
|
|
|
|
|
|
id="google_oauth_scope"
|
|
|
|
|
|
placeholder="e.g. email profile"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled, value: google_oauth_scope, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="google_base_url">API URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_base_url" id="google_base_url"
|
|
|
|
|
|
placeholder="e.g. https://www.googleapis.com/oauth2/v3/"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled, value: google_base_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox"
|
|
|
|
|
|
id="google_oauth_auto_configure"
|
|
|
|
|
|
name="google_oauth_auto_configure"
|
|
|
|
|
|
class="checkbox"
|
2023-04-10 21:28:54 +00:00
|
|
|
|
data-bind="enable: google_oauth_enabled, checked: google_oauth_auto_configure">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<label for="google_oauth_auto_configure">Enable
|
|
|
|
|
|
Google
|
|
|
|
|
|
OAuth Auto-Configuration</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: google_oauth_auto_configure">
|
|
|
|
|
|
<label for="google_oauth_metadata_url">Metadata
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_oauth_metadata_url"
|
|
|
|
|
|
id="google_oauth_metadata_url"
|
|
|
|
|
|
placeholder="e.g. https://accounts.google.com/.well-known/openid-configuration"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled() && google_oauth_auto_configure(), value: google_oauth_metadata_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: google_oauth_auto_configure">
|
|
|
|
|
|
<label for="google_token_url">Token URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_token_url" id="google_token_url"
|
|
|
|
|
|
placeholder="e.g. https://oauth2.googleapis.com/token"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled() && !google_oauth_auto_configure(), value: google_token_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: google_oauth_auto_configure">
|
|
|
|
|
|
<label for="google_authorize_url">Authorize
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="google_authorize_url"
|
|
|
|
|
|
id="google_authorize_url"
|
|
|
|
|
|
placeholder="e.g. https://accounts.google.com/o/oauth2/v2/auth"
|
|
|
|
|
|
data-bind="enable: google_oauth_enabled() && !google_oauth_auto_configure(), value: google_authorize_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-body -->
|
2020-01-08 22:23:40 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card -->
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.col -->
|
2023-02-20 16:39:52 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="col-12 col-sm-6 col-lg-8">
|
|
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Help</h3>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<p>Fill in all the fields in the left form.</p>
|
|
|
|
|
|
<p>Make sure you add PDA redirection URI (e.g
|
|
|
|
|
|
http://localhost:9191/google/authorized) to your Google
|
|
|
|
|
|
App
|
|
|
|
|
|
Credentials Restriction.</p>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-body -->
|
2021-08-05 17:37:48 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
2021-08-05 17:37:48 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.col -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.row -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.tab-pane -->
|
2021-08-05 17:37:48 +00:00
|
|
|
|
|
2023-04-10 21:28:54 +00:00
|
|
|
|
<div data-tab="github"
|
2023-04-10 23:52:18 +00:00
|
|
|
|
data-bind="class: 'tab-pane' + (tab_active() == 'github' ? ' active' : '')">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-4">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">GitHub OAuth Settings</h3>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-header -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card-body">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="github_oauth_enabled"
|
|
|
|
|
|
name="github_oauth_enabled" class="checkbox"
|
|
|
|
|
|
data-bind="checked: github_oauth_enabled">
|
|
|
|
|
|
<label for="github_oauth_enabled">Enable GitHub
|
|
|
|
|
|
OAuth</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="github_oauth_key">Client ID</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_key" id="github_oauth_key"
|
|
|
|
|
|
placeholder="Github OAuth Client ID"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled, value: github_oauth_key, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="github_oauth_secret">Client
|
|
|
|
|
|
Secret</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_secret"
|
|
|
|
|
|
id="github_oauth_secret"
|
|
|
|
|
|
placeholder="Github OAuth Client Secret"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled, value: github_oauth_secret, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="github_oauth_scope">Scope</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_scope"
|
|
|
|
|
|
id="github_oauth_scope"
|
|
|
|
|
|
placeholder="e.g. email"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled, value: github_oauth_scope, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="github_oauth_api_url">API URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_api_url"
|
|
|
|
|
|
id="github_oauth_api_url"
|
|
|
|
|
|
placeholder="e.g. https://api.github.com/user"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled, value: github_oauth_api_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox"
|
|
|
|
|
|
id="github_oauth_auto_configure"
|
|
|
|
|
|
name="github_oauth_auto_configure"
|
|
|
|
|
|
class="checkbox"
|
2023-04-10 21:28:54 +00:00
|
|
|
|
data-bind="enable: github_oauth_enabled, checked: github_oauth_auto_configure">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<label for="github_oauth_auto_configure">Enable
|
|
|
|
|
|
GitHub
|
|
|
|
|
|
OAuth Auto-Configuration</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: github_oauth_auto_configure">
|
|
|
|
|
|
<label for="github_oauth_metadata_url">Metadata
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_metadata_url"
|
|
|
|
|
|
id="github_oauth_metadata_url"
|
|
|
|
|
|
placeholder="e.g. https://{yourDomain}/.well-known/oauth-metadata.json"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled() && github_oauth_auto_configure(), value: github_oauth_metadata_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: github_oauth_auto_configure">
|
|
|
|
|
|
<label for="github_oauth_token_url">Token
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_token_url"
|
|
|
|
|
|
id="github_oauth_token_url"
|
|
|
|
|
|
placeholder="e.g. https://github.com/login/oauth/access_token"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled() && !github_oauth_auto_configure(), value: github_oauth_token_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: github_oauth_auto_configure">
|
|
|
|
|
|
<label for="github_oauth_authorize_url">Authorize
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="github_oauth_authorize_url"
|
|
|
|
|
|
id="github_oauth_authorize_url"
|
|
|
|
|
|
placeholder="e.g. https://github.com/login/oauth/authorize"
|
|
|
|
|
|
data-bind="enable: github_oauth_enabled() && !github_oauth_auto_configure(), value: github_oauth_authorize_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-body -->
|
2021-08-05 17:37:48 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card -->
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.col -->
|
2023-02-20 16:39:52 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="col-12 col-sm-6 col-lg-8">
|
|
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Help</h3>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<p>Fill in all the fields in the left form.</p>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-body -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.col -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.row -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.tab-pane -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
|
2023-04-10 23:52:18 +00:00
|
|
|
|
<div data-tab="azure"
|
|
|
|
|
|
data-bind="class: 'tab-pane' + (tab_active() == 'azure' ? ' active' : '')">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-4">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
2023-04-09 14:11:00 +00:00
|
|
|
|
<h3 class="card-title">Azure OAuth Settings</h3>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-header -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card-body">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="azure_oauth_enabled"
|
|
|
|
|
|
name="azure_oauth_enabled" class="checkbox"
|
|
|
|
|
|
data-bind="checked: azure_oauth_enabled">
|
|
|
|
|
|
<label for="azure_oauth_enabled">Enable Microsoft
|
|
|
|
|
|
Azure
|
|
|
|
|
|
OAuth</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_oauth_key">Client ID</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_key" id="azure_oauth_key"
|
|
|
|
|
|
placeholder="Azure OAuth Client ID"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, value: azure_oauth_key, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_oauth_secret">Client
|
|
|
|
|
|
Secret</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_secret"
|
|
|
|
|
|
id="azure_oauth_secret"
|
|
|
|
|
|
placeholder="Azure OAuth Client Secret"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, value: azure_oauth_secret, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_oauth_scope">Scope</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_scope"
|
|
|
|
|
|
id="azure_oauth_scope"
|
|
|
|
|
|
placeholder="e.g. email"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, value: azure_oauth_scope, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_oauth_api_url">API URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_api_url"
|
|
|
|
|
|
id="azure_oauth_api_url"
|
|
|
|
|
|
placeholder="e.g. https://graph.microsoft.com/v1.0/"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, value: azure_oauth_api_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox"
|
|
|
|
|
|
id="azure_oauth_auto_configure"
|
|
|
|
|
|
name="azure_oauth_auto_configure"
|
|
|
|
|
|
class="checkbox"
|
2023-04-10 21:28:54 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled, checked: azure_oauth_auto_configure">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<label for="azure_oauth_auto_configure">Enable Azure
|
|
|
|
|
|
OAuth Auto-Configuration</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: azure_oauth_auto_configure">
|
|
|
|
|
|
<label for="azure_oauth_metadata_url">Metadata
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_metadata_url"
|
|
|
|
|
|
id="azure_oauth_metadata_url"
|
|
|
|
|
|
placeholder="e.g. https://login.microsoftonline.com/{TENANCY_ID}/v2.0/.well-known/openid-configuration"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_oauth_auto_configure(), value: azure_oauth_metadata_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: azure_oauth_auto_configure">
|
|
|
|
|
|
<label for="azure_oauth_token_url">Token URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_token_url"
|
|
|
|
|
|
id="azure_oauth_token_url"
|
|
|
|
|
|
placeholder="e.g. https://login.microsoftonline.com/{TENANCY_ID}/oauth2/v2.0/token"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled() && !azure_oauth_auto_configure(), value: azure_oauth_token_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: azure_oauth_auto_configure">
|
|
|
|
|
|
<label for="azure_oauth_authorize_url">Authorize
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_oauth_authorize_url"
|
|
|
|
|
|
id="azure_oauth_authorize_url"
|
|
|
|
|
|
placeholder="e.g. https://login.microsoftonline.com/{TENANCY_ID}/oauth2/v2.0/authorize"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled() && !azure_oauth_auto_configure(), value: azure_oauth_authorize_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<fieldset>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<legend>Group Security</legend>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label>Status</label>
|
|
|
|
|
|
<div class="radio">
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="azure_sg_enabled"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
id="azure_sg_off" value="false"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, checked: azure_sg_enabled, checkedValue: false">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
OFF
|
|
|
|
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio" name="azure_sg_enabled"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
id="azure_sg_on" value="true"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, checked: azure_sg_enabled, checkedValue: true">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
ON
|
|
|
|
|
|
</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_admin_group">Admin group</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_admin_group"
|
|
|
|
|
|
id="azure_admin_group"
|
|
|
|
|
|
placeholder="e.g. 00000000-0000-0000-0000-000000000000"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_sg_enabled(), value: azure_admin_group, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_operator_group">Operator
|
|
|
|
|
|
group</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_operator_group"
|
|
|
|
|
|
id="azure_operator_group"
|
|
|
|
|
|
placeholder="e.g. 00000000-0000-0000-0000-000000000000"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_sg_enabled(), value: azure_operator_group, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_user_group">User group</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_user_group" id="azure_user_group"
|
|
|
|
|
|
placeholder="e.g. 00000000-0000-0000-0000-000000000000"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_sg_enabled(), value: azure_user_group, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
|
|
|
|
|
<fieldset>
|
2023-03-17 19:50:08 +00:00
|
|
|
|
<legend>Azure Group Account Sync / Creation</legend>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label
|
|
|
|
|
|
for="azure_group_accounts_enabled">Status</label>
|
|
|
|
|
|
<div class="radio">
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio"
|
|
|
|
|
|
name="azure_group_accounts_enabled"
|
|
|
|
|
|
id="azure_group_accounts_off"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
value="false"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, checked: azure_group_accounts_enabled, checkedValue: false">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
OFF
|
|
|
|
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<label>
|
|
|
|
|
|
<input type="radio"
|
|
|
|
|
|
name="azure_group_accounts_enabled"
|
|
|
|
|
|
id="azure_group_accounts_on"
|
2023-04-11 22:50:47 +00:00
|
|
|
|
value="true"
|
|
|
|
|
|
data-bind="enable: azure_oauth_enabled, checked: azure_group_accounts_enabled, checkedValue: true">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
ON
|
|
|
|
|
|
</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_group_accounts_name">Azure group
|
|
|
|
|
|
name
|
|
|
|
|
|
claim</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_group_accounts_name"
|
|
|
|
|
|
id="azure_group_accounts_name"
|
|
|
|
|
|
placeholder="e.g. displayName"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_group_accounts_enabled(), value: azure_group_accounts_name, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_group_accounts_name_re">Azure
|
|
|
|
|
|
group name
|
|
|
|
|
|
claim regex</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_group_accounts_name_re"
|
|
|
|
|
|
id="azure_group_accounts_name_re"
|
|
|
|
|
|
placeholder="e.g. (.*)"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_group_accounts_enabled(), value: azure_group_accounts_name_re, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="azure_group_accounts_description">Azure
|
|
|
|
|
|
group
|
|
|
|
|
|
description claim</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_group_accounts_description"
|
|
|
|
|
|
id="azure_group_accounts_description"
|
|
|
|
|
|
placeholder="e.g. description. If empty uses whole string"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_group_accounts_enabled(), value: azure_group_accounts_description, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<label for="azure_group_accounts_description_re">Azure
|
2023-02-20 16:25:25 +00:00
|
|
|
|
group name
|
|
|
|
|
|
description regex</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="azure_group_accounts_description_re"
|
|
|
|
|
|
id="azure_group_accounts_description_re"
|
|
|
|
|
|
placeholder="e.g. (.*). If empty uses whole string"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: azure_oauth_enabled() && azure_group_accounts_enabled(), value: azure_group_accounts_description_re, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-body -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card -->
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.col -->
|
2023-02-20 16:39:52 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="col-12 col-sm-6 col-lg-8">
|
|
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Help</h3>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<p>Fill in all the fields in the left form.</p>
|
|
|
|
|
|
<p>You first need to define an Application Registration in
|
|
|
|
|
|
your
|
|
|
|
|
|
Azure
|
|
|
|
|
|
Active Directory, with the appropriate HTTPS URL for
|
|
|
|
|
|
this
|
|
|
|
|
|
endpoint,
|
|
|
|
|
|
and with the appropriate rights, as explained in the
|
|
|
|
|
|
documentation.</p>
|
|
|
|
|
|
<p>
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>Under the Azure Active Directory, select App
|
|
|
|
|
|
Registrations, and
|
|
|
|
|
|
create a new one. Give it any name you want, and the
|
|
|
|
|
|
Redirect
|
|
|
|
|
|
URI shoule be type 'Web' and of the format <b>https://powerdnsadmin/azure/authorized</b>
|
|
|
|
|
|
(replace the host name approriately).
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Select the newly-created registration</li>
|
|
|
|
|
|
<li>On the Overview page, the Application ID is your new
|
|
|
|
|
|
Client ID
|
|
|
|
|
|
to use with PowerDNS-Admin
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>On the Overview page, make a note of your
|
|
|
|
|
|
Directory/Tenant ID -
|
|
|
|
|
|
you need it for the API URLs later
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Ensure Access Tokens are enabled in the
|
|
|
|
|
|
Authentication
|
|
|
|
|
|
section
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Under Certificates and Secrets, create a new Client
|
|
|
|
|
|
Secret. Note
|
|
|
|
|
|
this secret as it is the new Client Secret to use
|
|
|
|
|
|
with
|
|
|
|
|
|
PowerDNS-Admin
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Under API Permissions, you need to add permissions.
|
|
|
|
|
|
Add
|
|
|
|
|
|
permissions for Graph API, Delegated. Add: email,
|
|
|
|
|
|
openid,
|
|
|
|
|
|
profile, GroupMember.Read, User.Read and possibly
|
|
|
|
|
|
User.Read.All.
|
|
|
|
|
|
You then need to grant admin approval for your
|
|
|
|
|
|
organisation.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>For the Scope, use <b>User.Read openid mail
|
|
|
|
|
|
profile</b>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Replace the [tenantID] in the default URLs for
|
|
|
|
|
|
authorize
|
|
|
|
|
|
and
|
|
|
|
|
|
token with your Tenant ID.
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
<p>If <b>AZURE GROUP ACCOUNT SYNC/CREATION</b> is enabled,
|
|
|
|
|
|
Accounts will
|
|
|
|
|
|
be created automatically based on group membership. If
|
|
|
|
|
|
an
|
|
|
|
|
|
Account
|
|
|
|
|
|
exists, an authenticated user with group membership is
|
|
|
|
|
|
added
|
|
|
|
|
|
to the
|
|
|
|
|
|
Account</p>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-body -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.col -->
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.row -->
|
2023-02-18 16:04:14 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.tab-pane -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
|
2023-04-10 23:52:18 +00:00
|
|
|
|
<div data-tab="oidc"
|
|
|
|
|
|
data-bind="class: 'tab-pane' + (tab_active() == 'oidc' ? ' active' : '')">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="row">
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-4">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">OpenID Connect OAuth Settings</h3>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-header -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="card-body">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox" id="oidc_oauth_enabled"
|
|
|
|
|
|
name="oidc_oauth_enabled" class="checkbox"
|
|
|
|
|
|
data-bind="checked: oidc_oauth_enabled">
|
|
|
|
|
|
<label for="oidc_oauth_enabled">Enable OpenID
|
|
|
|
|
|
Connect
|
|
|
|
|
|
OAuth</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_key">Client ID</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_key" id="oidc_oauth_key"
|
|
|
|
|
|
placeholder="OIDC OAuth Client ID"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_key, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_secret">Client Secret</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_secret"
|
|
|
|
|
|
id="oidc_oauth_secret"
|
|
|
|
|
|
placeholder="OIDC OAuth Client Secret"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_secret, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_scope">Scope</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_scope" id="oidc_oauth_scope"
|
|
|
|
|
|
placeholder="e.g. email"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_scope, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_api_url">API URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_api_url"
|
|
|
|
|
|
id="oidc_oauth_api_url"
|
|
|
|
|
|
placeholder="e.g. https://api.oidc.com/user"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_api_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<input type="checkbox"
|
|
|
|
|
|
id="oidc_oauth_auto_configure"
|
|
|
|
|
|
name="oidc_oauth_auto_configure"
|
|
|
|
|
|
class="checkbox"
|
2023-04-10 21:28:54 +00:00
|
|
|
|
data-bind="enable: oidc_oauth_enabled, checked: oidc_oauth_auto_configure">
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<label for="oidc_oauth_auto_configure">Enable OIDC
|
|
|
|
|
|
OAuth Auto-Configuration</label>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="visible: oidc_oauth_auto_configure">
|
|
|
|
|
|
<label for="oidc_oauth_metadata_url">Metadata
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_metadata_url"
|
|
|
|
|
|
id="oidc_oauth_metadata_url"
|
|
|
|
|
|
placeholder="e.g. https://{YOUR_DOMAIN}/login/oauth/.well-known/openid-configuration"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled() && oidc_oauth_auto_configure(), value: oidc_oauth_metadata_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: oidc_oauth_auto_configure">
|
|
|
|
|
|
<label for="oidc_oauth_token_url">Token URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_token_url"
|
|
|
|
|
|
id="oidc_oauth_token_url"
|
|
|
|
|
|
placeholder="e.g. https://{YOUR_DOMAIN}/login/oauth/access_token"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled() && !oidc_oauth_auto_configure(), value: oidc_oauth_token_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group"
|
|
|
|
|
|
data-bind="hidden: oidc_oauth_auto_configure">
|
|
|
|
|
|
<label for="oidc_oauth_authorize_url">Authorize
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_authorize_url"
|
|
|
|
|
|
id="oidc_oauth_authorize_url"
|
|
|
|
|
|
placeholder="e.g. https://{YOUR_DOMAIN}/login/oauth/authorize"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled() && !oidc_oauth_auto_configure(), value: oidc_oauth_authorize_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_logout_url">Logout
|
|
|
|
|
|
URL</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_logout_url"
|
|
|
|
|
|
id="oidc_oauth_logout_url"
|
|
|
|
|
|
placeholder="e.g. https://{YOUR_DOMAIN}/login/oauth/logout"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_logout_url, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<fieldset>
|
2023-03-12 13:13:54 +00:00
|
|
|
|
<legend>Claims</legend>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_username">Username</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_username"
|
|
|
|
|
|
id="oidc_oauth_username"
|
|
|
|
|
|
placeholder="e.g. preferred_username"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_username, valueUpdate: 'afterkeydown'">
|
|
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_email">Email</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_email" id="oidc_oauth_email"
|
|
|
|
|
|
placeholder="e.g. email"
|
|
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_email, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_firstname">First Name</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_firstname"
|
|
|
|
|
|
id="oidc_oauth_firstname"
|
|
|
|
|
|
placeholder="e.g. given_name"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_firstname, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_last_name">Last Name</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_last_name"
|
|
|
|
|
|
id="oidc_oauth_last_name"
|
|
|
|
|
|
placeholder="e.g. family_name"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_last_name, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
|
|
|
|
|
<fieldset>
|
2023-03-12 13:13:54 +00:00
|
|
|
|
<legend>Advanced</legend>
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label for="oidc_oauth_account_name_property">Autoprovision
|
|
|
|
|
|
Account Name property</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_account_name_property"
|
|
|
|
|
|
id="oidc_oauth_account_name_property"
|
|
|
|
|
|
placeholder="e.g. account_name"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_account_name_property, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="form-group">
|
|
|
|
|
|
<label
|
|
|
|
|
|
for="oidc_oauth_account_description_property">Autoprovision
|
|
|
|
|
|
Account Description property</label>
|
|
|
|
|
|
<input type="text" class="form-control"
|
|
|
|
|
|
name="oidc_oauth_account_description_property"
|
|
|
|
|
|
id="oidc_oauth_account_description_property"
|
|
|
|
|
|
placeholder="e.g. account_description"
|
2023-04-09 14:11:00 +00:00
|
|
|
|
data-bind="enable: oidc_oauth_enabled, value: oidc_oauth_account_description_property, valueUpdate: 'afterkeydown'">
|
2023-02-20 16:25:25 +00:00
|
|
|
|
<span class="help-block with-errors"></span>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</fieldset>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card-body -->
|
2020-07-03 06:55:31 +00:00
|
|
|
|
</div>
|
2023-02-20 16:39:52 +00:00
|
|
|
|
<!-- /.card -->
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.col -->
|
|
|
|
|
|
<div class="col-12 col-sm-6 col-lg-8">
|
|
|
|
|
|
<div class="card">
|
|
|
|
|
|
<div class="card-header">
|
|
|
|
|
|
<h3 class="card-title">Settings Help</h3>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-header -->
|
|
|
|
|
|
<div class="card-body">
|
|
|
|
|
|
<p>Fill in all the fields in the left form.</p>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-body -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
2023-02-20 16:25:25 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.col -->
|
2018-10-21 22:38:12 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.row -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.tab-pane -->
|
2023-02-20 15:35:15 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.tab-content -->
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.nav-tabs-custom -->
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card-body -->
|
|
|
|
|
|
<div class="card-footer">
|
|
|
|
|
|
<div class="error"></div>
|
|
|
|
|
|
<button type="button" class="btn btn-primary"
|
|
|
|
|
|
title="Save Settings" data-bind="click: onSaveClick">
|
|
|
|
|
|
<i class="fa-solid fa-save"></i> Save Settings
|
|
|
|
|
|
</button>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<!-- /.card-footer -->
|
2023-04-10 16:49:12 +00:00
|
|
|
|
</div>
|
2023-04-10 20:35:02 +00:00
|
|
|
|
<!-- /.card -->
|
|
|
|
|
|
</form>
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<!-- /.col -->
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<!-- /.row -->
|
2018-08-18 11:41:59 +00:00
|
|
|
|
</div>
|
2023-02-20 15:35:15 +00:00
|
|
|
|
<!-- /.container-fluid -->
|
|
|
|
|
|
</section>
|
2018-08-18 11:41:59 +00:00
|
|
|
|
{% endblock %}
|
2023-02-18 16:04:14 +00:00
|
|
|
|
|
2023-04-10 20:35:02 +00:00
|
|
|
|
{% block head_styles %}
|
2023-04-10 21:28:54 +00:00
|
|
|
|
<style>
|
2023-04-10 23:52:18 +00:00
|
|
|
|
.error { color: red !important; }
|
2023-04-10 20:35:02 +00:00
|
|
|
|
</style>
|
|
|
|
|
|
{% endblock %}
|
|
|
|
|
|
|
2018-08-18 11:41:59 +00:00
|
|
|
|
{% block extrascripts %}
|
2023-04-10 16:49:12 +00:00
|
|
|
|
<script>
|
|
|
|
|
|
$(function () {
|
|
|
|
|
|
let API_URL = '{{ url_for('admin.setting_authentication_api') }}';
|
|
|
|
|
|
let CSRF_TOKEN = '{{ csrf_token() }}';
|
|
|
|
|
|
let model = new AuthenticationSettingsModel({}, API_URL, CSRF_TOKEN, '#settings-editor');
|
|
|
|
|
|
model.init(true);
|
|
|
|
|
|
})
|
|
|
|
|
|
</script>
|
2018-08-18 11:41:59 +00:00
|
|
|
|
{% endblock %}
|
