work with authentik

Matt Batchelder
2026-02-27 17:48:21 -05:00
parent 90eb649940
commit 2aaa0442b2
13 changed files with 699 additions and 2 deletions


@@ -0,0 +1,63 @@
<?php
$authentication = new \Xibo\Middleware\SAMLAuthentication();
$samlSettings = [
'workflow' => [
'jit' => true,
'field_to_identify' => 'UserName',
'libraryQuota' => 1000,
'homePage' => 'icondashboard.view',
'slo' => true,
'mapping' => [
'UserID' => '',
'usertypeid' => '',
'UserName' => 'http://schemas.goauthentik.io/2021/02/saml/username',
'email' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
],
'group' => 'Users',
'matchGroups' => [
'enabled' => false,
'attribute' => null,
'extractionRegEx' => null,
],
],
'strict' => true,
'debug' => true,
'baseurl' => '{{SAML_BASE_URL}}',
'idp' => [
'entityId' => '{{AUTHENTIK_IDP_ENTITY_ID}}',
'singleSignOnService' => [
'url' => '{{AUTHENTIK_SSO_URL}}',
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
'singleLogoutService' => [
'url' => '{{AUTHENTIK_SLO_URL}}',
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
'x509cert' => '{{AUTHENTIK_IDP_X509_CERT}}',
],
'sp' => [
'entityId' => '{{SAML_SP_ENTITY_ID}}',
'assertionConsumerService' => [
'url' => '{{SAML_BASE_URL}}/acs',
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
],
'singleLogoutService' => [
'url' => '{{SAML_BASE_URL}}/sls',
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
'x509cert' => '',
'privateKey' => '',
],
'security' => [
'nameIdEncrypted' => false,
'authnRequestsSigned' => false,
'logoutRequestSigned' => false,
'logoutResponseSigned' => false,
'signMetadata' => false,
'wantMessagesSigned' => false,
'wantAssertionsSigned' => false,
'wantAssertionsEncrypted' => false,
'wantNameIdEncrypted' => false,
],
];
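Review bot: The `security` array at the end of this section sets both `wantAssertionsSigned` and `wantMessagesSigned` to `false`, so the service provider never states that authentik's responses must carry a signature, while `'jit' => true` lets an accepted assertion create an account. Since `idp.x509cert` is already templated, I would set `'wantAssertionsSigned' => true,` (and `'wantMessagesSigned' => true,` if the authentik provider is configured to sign the response) so the requirement is explicit instead of resting on the SAML library's defaults. `'debug' => true,` is also fixed in the template for every rendered instance and would be safer as `'debug' => false,`. The path of this file is not shown on the page.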

142
templates/template.yml Normal file

@@ -0,0 +1,142 @@
# Customer: {{CUSTOMER_NAME}}
version: "3.9"
services:
{{ABBREV}}-web:
image: {{CMS_IMAGE}}
environment:
CMS_USE_MEMCACHED: "true"
MEMCACHED_HOST: memcached
CMS_ALIAS: "/{{ABBREV}}"
MYSQL_HOST: {{MYSQL_HOST}}
MYSQL_PORT: "{{MYSQL_PORT}}"
MYSQL_DATABASE: {{MYSQL_DATABASE}}
MYSQL_USER: {{MYSQL_USER}}
MYSQL_PASSWORD: {{MYSQL_PASSWORD}}
CMS_SERVER_NAME: {{CMS_SERVER_NAME}}
CMS_SMTP_SERVER: {{SMTP_SERVER}}
CMS_SMTP_USERNAME: {{SMTP_USERNAME}}
CMS_SMTP_PASSWORD: {{SMTP_PASSWORD}}
CMS_SMTP_USE_TLS: {{SMTP_USE_TLS}}
CMS_SMTP_USE_STARTTLS: {{SMTP_USE_STARTTLS}}
CMS_SMTP_REWRITE_DOMAIN: {{SMTP_REWRITE_DOMAIN}}
CMS_SMTP_HOSTNAME: {{SMTP_HOSTNAME}}
CMS_SMTP_FROM_LINE_OVERRIDE: {{SMTP_FROM_LINE_OVERRIDE}}
CMS_PHP_POST_MAX_SIZE: {{PHP_POST_MAX_SIZE}}
CMS_PHP_UPLOAD_MAX_FILESIZE: {{PHP_UPLOAD_MAX_FILESIZE}}
CMS_PHP_MAX_EXECUTION_TIME: "{{PHP_MAX_EXECUTION_TIME}}"
secrets:
- global_mysql_host
- global_mysql_port
volumes:
- {{ABBREV}}-cms-custom:/var/www/cms/custom
- {{ABBREV}}-cms-backup:/var/www/backup
- {{THEME_HOST_PATH}}:/var/www/cms/web/theme/custom
- {{ABBREV}}-cms-library:/var/www/cms/library
- {{ABBREV}}-cms-userscripts:/var/www/cms/web/userscripts
- {{ABBREV}}-cms-ca-certs:/var/www/cms/ca-certs
ports:
- "{{HOST_HTTP_PORT}}:80"
healthcheck:
test: ["CMD-SHELL", "curl -fsS --max-time 5 http://web:80/about | grep -Eo 'v?[0-9]+(\\.[0-9]+)+' >/dev/null || exit 1"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
networks:
{{ABBREV}}-net:
aliases:
- web
deploy:
restart_policy:
condition: any
resources:
limits:
memory: 1G
{{ABBREV}}-memcached:
image: {{MEMCACHED_IMAGE}}
command: [memcached, -m, "15"]
networks:
{{ABBREV}}-net:
aliases:
- memcached
deploy:
restart_policy:
condition: any
resources:
limits:
memory: 100M
{{ABBREV}}-quickchart:
image: {{QUICKCHART_IMAGE}}
networks:
{{ABBREV}}-net:
aliases:
- quickchart
deploy:
restart_policy:
condition: any
{{ABBREV}}-newt:
image: {{NEWT_IMAGE}}
environment:
PANGOLIN_ENDPOINT: {{PANGOLIN_ENDPOINT}}
NEWT_ID: {{NEWT_ID}}
NEWT_SECRET: {{NEWT_SECRET}}
depends_on:
{{ABBREV}}-web:
condition: service_healthy
networks:
{{ABBREV}}-net: {}
deploy:
restart_policy:
condition: any
networks:
{{ABBREV}}-net:
driver: overlay
attachable: false
volumes:
{{ABBREV}}-cms-custom:
driver: local
driver_opts:
type: nfs
device: "{{NFS_DEVICE_PREFIX}}/{{ABBREV}}/cms-custom"
o: "{{NFS_OPTS}}"
{{ABBREV}}-cms-backup:
driver: local
driver_opts:
type: nfs
device: "{{NFS_DEVICE_PREFIX}}/{{ABBREV}}/cms-backup"
o: "{{NFS_OPTS}}"
{{ABBREV}}-cms-library:
driver: local
driver_opts:
type: nfs
device: "{{NFS_DEVICE_PREFIX}}/{{ABBREV}}/cms-library"
o: "{{NFS_OPTS}}"
{{ABBREV}}-cms-userscripts:
driver: local
driver_opts:
type: nfs
device: "{{NFS_DEVICE_PREFIX}}/{{ABBREV}}/cms-userscripts"
o: "{{NFS_OPTS}}"
{{ABBREV}}-cms-ca-certs:
driver: local
driver_opts:
type: nfs
device: "{{NFS_DEVICE_PREFIX}}/{{ABBREV}}/cms-ca-certs"
o: "{{NFS_OPTS}}"
secrets:
{{ABBREV}}-cms-db-password:
external: true
{{ABBREV}}-cms-db-user:
external: true
global_mysql_host:
external: true
global_mysql_port:
external: true