Wekan is an open-source Kanban, similar to trello.
See the official Wekan website for a complete presentation.
It feature an oauth2 login feature that work with LemonLDAP::NG
Wekan is mostly configured with environement variables, you need to set theses :
TRUE
ClientID
Secret
https://auth.example.com/
oauth2/authorize
oauth2/userinfo
oauth2/token
sub
sub
name
email
Danger
Be careful to the / in server_url and endpoints, the complete URL need to be valid, ie auth.example.com/ for url & oauth2/xxx for endpoints, OR, auth.example.com & /oauth2/xxx for endpoints.
We now have to configure LemonLDAP::NG to recognize Wekan as a valid OAuth2 relaying party and send it the information it needs to recognize a user.
Add a new OpenID Connect relaying party with the following parameters:
name
: session attribute containing the user’s full nameemail
: session attribute containing the user’s email or _singleMailDanger
OIDC login fails when an user as a multi-valued email attribute, this need to be fixed on wekan’s side, we can bypass that by telling lemonldap to only send one email
Create a new macro, name it (_singleMail is an example), the macro
should contain (split(/; /,$mail))[1]