OIDC documentation needs to be fleshed out
Currently the documentation only contains one-line descriptions of the various OIDC fields. I've been able to figure out what's required for most of them, but I have no idea what you mean by "DeviceUsernameClaim".
If the docs could include a sample config from Google or MS, or whatever, that would help greatly.
Not that this helps you but I do have a new docs page coming soon.
Sorry about the confusion, I just haven't had the time lately due to some changes in my life.
As for the DeviceUsernameClaim,
```go
if len(o.details.DeviceUsernameClaim) != 0 {
	deviceUsernameClaim, ok := tokens.IDTokenClaims.Claims[o.details.DeviceUsernameClaim].(string)
	if !ok {
		log.Println("Error, Device Username Claim set but idP has not set attribute in users token")
		http.Redirect(w, r, "/error?m="+url.QueryEscape("Server configuration error"), http.StatusSeeOther)
		return
	}
	suppliedUsername = deviceUsernameClaim
}
```
It is an optional configuration that allows you to overwrite the username wag will use when the user logs into a device.
I.e. if your identity provider has users set up like [email protected], but you for some reason need them to be in a different format, e.g. jsmith, you can define the field in your OIDC provider.
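As an added example (not wag's own code and not part of the comment above), this stand-alone Go program reproduces the override behaviour described there against a constructed set of ID token claims. The helper name `resolveDeviceUsername`, the sample claims, and the extra rejection of an empty string value are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed sample: claims as they might look after the ID token was verified.
const sampleClaims = `{
	"sub": "constructed-subject-1",
	"email": "jsmith@example.com",
	"preferred_username": "jsmith",
	"groups": ["vpn-users"]
}`

var errClaimMissing = errors.New("device username claim set but not usable in ID token")

// resolveDeviceUsername is a hypothetical helper. claimName plays the role of
// DeviceUsernameClaim; defaultUsername is the name that would be used otherwise.
func resolveDeviceUsername(rawClaims []byte, claimName, defaultUsername string) (string, error) {
	if claimName == "" {
		return defaultUsername, nil // option not configured: no override
	}
	var claims map[string]any
	if err := json.Unmarshal(rawClaims, &claims); err != nil {
		return "", fmt.Errorf("decoding claims: %w", err)
	}
	// Fail closed: an absent claim or a non-string value (array, number,
	// object) must not silently fall back to the default username.
	value, ok := claims[claimName].(string)
	if !ok {
		return "", errClaimMissing
	}
	if value == "" { // assumption: an empty username is rejected as well
		return "", errClaimMissing
	}
	return value, nil
}

func main() {
	for _, name := range []string{"", "preferred_username", "groups", "nickname"} {
		u, err := resolveDeviceUsername([]byte(sampleClaims), name, "jsmith@example.com")
		fmt.Printf("claim=%q username=%q err=%v\n", name, u, err)
	}
}
```

If the configured claim is one the IdP does not emit as a string for every user, logins fail with the configuration error rather than falling back, so check the IdP's claim mapping before setting the option.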
I belatedly found this through Google search, which is exactly what I needed. https://nhas.github.io/wag-vpn.github.io/docs/guides/single_sign_on_with_keycloak/
Did you write this? I'm surprised there wasn't already a link to this in the readme.md.
Yep, I wrote this. I wanted to wait until I had something a bit more fleshed out.
I've released the first version of the wag documentation.
https://wag-docs.dev/, https://github.com/NHAS/wag-docs/
Feel free to make PRs there, but for now I'm thinking of this as closed.
Hot damn! That's a fantastic improvement over what was before. I'll try to go through it when I have a chance. Thank you SO much for all your work!
Please feel free to open PRs on that docs page as well.
The docs are there; who knows if they're correct, haha.