This repository has been archived by the owner on Sep 20, 2023. It is now read-only.

#199 add oauth2 example
jeromeleonard committed Oct 27, 2020
1 parent 7434745 commit 132b938
Showing 2 changed files with 38 additions and 3 deletions.
39 changes: 37 additions & 2 deletions admin/configuration.md
Expand Up @@ -188,7 +188,7 @@ auth {
# URL of the authorization server
#clientId = "client-id"
#clientSecret = "client-secret"
#redirectUri = "https://my-thehive-instance.example/index.html#!/login"
#redirectUri = "https://my-thehive-instance.example/api/ssoLogin"
#responseType = "code"
#grantType = "authorization_code"
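Review bot: the `redirectUri` line now points at `/api/ssoLogin` instead of `index.html#!/login`, but nothing tells the operator that the identity provider's registration has to change with it. Authorization servers compare the redirect URI against the registered value, so a deployment that registered the old URL will fail at login after copying this template. Suggest a comment line above it, for example `# Callback URL; must match the redirect URI registered with the authorization server`.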
Expand All @@ -198,7 +198,7 @@ auth {
# The endpoint from which to obtain user details using the OAuth token, after successful login
#userUrl = "https://auth-site.com/api/User"
#scope = "openid profile"
#scope = ["openid profile"]
}
# Single-Sign On
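Review bot: `#scope = ["openid profile"]` turns the value into a list but still carries both scopes in a single element separated by a space. If the setting is a list now, as `scope: ["user"]` in the example added further down suggests, one scope per element (`["openid", "profile"]`) is less ambiguous. Otherwise add a comment saying how the elements are joined into the request.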
Expand Down Expand Up @@ -244,6 +244,41 @@ session {
}
```

#### OAUTH2 Example

```
oauth2 {
name: oauth2
clientId: "client-id"
clientSecret: "client-secret"
redirectUri: "http://localhost:9112/api/ssoLogin"
responseType: code
grantType: "authorization_code"
authorizationUrl: "https://github.com/login/oauth/authorize"
authorizationHeader: "token"
tokenUrl: "https://github.com/login/oauth/access_token"
userUrl: "https://api.github.com/user"
scope: ["user"]
}
sso {
autocreate: false
autoupdate: false
mapper: "simple"
attributes {
login: "login"
name: "name"
roles: "role"
}
defaultRoles: ["read", "write"]
defaultOrganization: "demo"
}
```



### 3.1. LDAP/AD
To enable authentication using AD or LDAP, edit the `application.conf` file and supply the values for your environment. Then you need to create an account on TheHive for each AD or LDAP user in `Administration > Users` page (which can only be accessed by an administrator). This is required as TheHive needs to look up the role associated with the user and that role is stored locally by TheHive. Obviously, you don't need to supply a password as TheHive will check the credentials against the remote directory.

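Review bot: the example's `redirectUri: "http://localhost:9112/api/ssoLogin"` uses plain `http` on localhost while the template earlier in this file shows an `https` URL, and the block comes with no prose at all. Add a sentence saying the values describe a local test against GitHub and that a deployed instance should use its own `https` callback URL. It would also help to explain how `defaultRoles: ["read", "write"]` and `defaultOrganization: "demo"` apply while `autocreate: false`, since readers are likely to copy the block as is. The three blank lines before `### 3.1. LDAP/AD` can be reduced to one.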
2 changes: 1 addition & 1 deletion installation/install-guide.md
Expand Up @@ -176,7 +176,7 @@ Setup apt configuration with the `main` repository:

```bash
curl https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY | sudo apt-key add -
echo 'deb https://deb.thehive-project.org main main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
echo 'deb https://deb.thehive-project.org stable main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
sudo apt-get update
```

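Review bot: the updated `echo` line still pipes into `sudo tee -a`, which appends, so anyone who already ran the earlier command keeps the old `main main` entry next to the new `stable main` one in `/etc/apt/sources.list.d/thehive-project.list`. Use `tee` without `-a`, or tell readers to remove the old line first. The sentence introducing the block still says "with the `main` repository" and may need rewording now that the suite is `stable`.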

0 comments on commit 132b938
