From 0981ec30c3d5218939d44fc2f40725b0b4a03684 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Tue, 14 Dec 2021 08:37:11 +0000
Subject: Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)

* Add setting to OAuth handlers to override local 2FA settings

This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements.

Fix #13939

Signed-off-by: Andrew Thornton

* Fix regression from #16544

Signed-off-by: Andrew Thornton

* Add scopes settings

Signed-off-by: Andrew Thornton

* fix trace logging in auth_openid

Signed-off-by: Andrew Thornton

* add required claim options

Signed-off-by: Andrew Thornton

* Move UpdateExternalUser to externalaccount

Signed-off-by: Andrew Thornton

* Allow OAuth2/OIDC to set Admin/Restricted status

Signed-off-by: Andrew Thornton

* Allow use of the same group claim name for the prohibit login value

Signed-off-by: Andrew Thornton

* fixup! Move UpdateExternalUser to externalaccount

* as per wxiaoguang

Signed-off-by: Andrew Thornton

* add label back in

Signed-off-by: Andrew Thornton

* adjust localisation

Signed-off-by: Andrew Thornton

* placate lint

Signed-off-by: Andrew Thornton

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao
Co-authored-by: techknowlogick
---
 options/locale/locale_en-US.ini | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'options/locale')

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 2819223103..3f180ddbec 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini 
@@ -2521,6 +2521,11 @@ auths.oauth2_emailURL = Email URL auths.skip_local_two_fa = Skip local 2FA auths.skip_local_two_fa_helper = Leaving unset means local users with 2FA set will still have to pass 2FA to log on auths.oauth2_tenant = Tenant +auths.oauth2_scopes = Additional Scopes +auths.oauth2_required_claim_name = Required Claim Name +auths.oauth2_required_claim_name_helper = Set this name to restrict login from this source to users with a claim with this name +auths.oauth2_required_claim_value = Required Claim Value +auths.oauth2_required_claim_value_helper = Set this value to restrict login from this source to users with a claim with this name and value auths.enable_auto_register = Enable Auto Registration auths.sspi_auto_create_users = Automatically create users auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that login for the first time -- cgit v1.2.3
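Review bot: The two helper strings auths.oauth2_required_claim_name_helper and auths.oauth2_required_claim_value_helper describe a login gate but do not state its matching rules, and an admin configuring access control from this form needs them. Please say in the helper text what happens when the name is set and the value is left empty (any user holding the claim is admitted, or none), whether the value comparison is exact and case-sensitive, and how a multi-valued claim such as a list of groups is compared against the single configured value. auths.oauth2_scopes likewise has no helper line, so the expected separator for "Additional Scopes" is not documented; a short auths.oauth2_scopes_helper would prevent a mistyped list from silently requesting the wrong scopes. Finally, the commit message lists Admin/Restricted synchronisation and a group claim name, yet this hunk adds no labels for those settings; if they are exposed in the same admin form, their strings belong here as well.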