From 132b938881bcebc0feff5f2b455a35d825c7303d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?=
Date: Tue, 27 Oct 2020 17:19:07 +0100
Subject: [PATCH] #199 add oauth2 example
---
 admin/configuration.md | 39 +++++++++++++++++++++++++++++++++--
 installation/install-guide.md | 2 +-
 2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/admin/configuration.md b/admin/configuration.md
index 678a8a5..2e96f83 100644
--- a/admin/configuration.md
+++ b/admin/configuration.md
@@ -188,7 +188,7 @@ auth {
 # URL of the authorization server
 #clientId = "client-id"
 #clientSecret = "client-secret"
- #redirectUri = "https://my-thehive-instance.example/index.html#!/login"
+ #redirectUri = "https://my-thehive-instance.example/api/ssoLogin"
 #responseType = "code"
 #grantType = "authorization_code"
@@ -198,7 +198,7 @@ auth {
 # The endpoint from which to obtain user details using the OAuth token, after successful login
 #userUrl = "https://auth-site.com/api/User"
- #scope = "openid profile"
+ #scope = ["openid profile"]
 }
 # Single-Sign On
@@ -244,6 +244,41 @@ session {
 }
 ```
+#### OAUTH2 Example
+
+```
+ oauth2 {
+ name: oauth2
+ clientId: "client-id"
+ clientSecret: "client-secret"
+ redirectUri: "http://localhost:9112/api/ssoLogin"
+ responseType: code
+ grantType: "authorization_code"
+ authorizationUrl: "https://github.com/login/oauth/authorize"
+ authorizationHeader: "token"
+ tokenUrl: "https://github.com/login/oauth/access_token"
+ userUrl: "https://api.github.com/user"
+ scope: ["user"]
+ }
+
+sso {
+ autocreate: false
+ autoupdate: false
+ mapper: "simple"
+ attributes {
+ login: "login"
+ name: "name"
+ roles: "role"
+ }
+ defaultRoles: ["read", "write"]
+ defaultOrganization: "demo"
+ }
+
+
+```
+
+
+
 ### 3.1. LDAP/AD
 To enable authentication using AD or LDAP, edit the `application.conf` file and supply the values for your environment. Then you need to create an account on TheHive for each AD or LDAP user in `Administration > Users` page (which can only be accessed by an administrator). This is required as TheHive needs to look up the role associated with the user and that role is stored locally by TheHive. Obviously, you don't need to supply a password as TheHive will check the credentials against the remote directory.
diff --git a/installation/install-guide.md b/installation/install-guide.md
index 5eb53a4..e8e59e4 100644
--- a/installation/install-guide.md
+++ b/installation/install-guide.md
@@ -176,7 +176,7 @@ Setup apt configuration with the `main` repository:
 ```bash
 curl https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY | sudo apt-key add -
-echo 'deb https://deb.thehive-project.org main main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
+echo 'deb https://deb.thehive-project.org stable main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
 sudo apt-get update
 ```