# Setup

Prerequisites:

- Nix installed
- Docker installed
- `auth.local` and `local` point at localhost in your hosts file
Set up env:

```sh
cp .env.example .env
nix develop
```

Build the docker python image:

```sh
update-docker-image
```

Start the docker stack:

```sh
docker compose up -d
```
Prepare kanidm for everything:

```sh
# Generate certs
docker compose run kanidm kanidmd cert-generate
# Get idm_admin password
docker compose run kanidm kanidmd recover-account idm_admin
```
Note down the idm_admin password printed by the previous command; you'll need it.
```sh
# Login to the kanidm cli (-C points at the CA that signed the server cert)
kanidm login -D idm_admin --instance local -C ./docker/kanidm/certs/ca.pem
# Your username
USERNAME=b12f
# Create person and groups
kanidm person create $USERNAME $USERNAME --instance local -C ./docker/kanidm/certs/ca.pem
kanidm group create mc-admin_users --instance local -C ./docker/kanidm/certs/ca.pem
kanidm group add-members mc-admin_users $USERNAME --instance local -C ./docker/kanidm/certs/ca.pem
# Create and configure the oauth2 client system
kanidm system oauth2 create mc-admin mc-admin http://local:8000/accounts/oidc/kanidm/login/callback/ --instance local -C ./docker/kanidm/certs/ca.pem
kanidm system oauth2 update-scope-map mc-admin mc-admin_users email profile openid groups --instance local -C ./docker/kanidm/certs/ca.pem
# Output the client secret
kanidm system oauth2 show-basic-secret mc-admin --instance local -C ./docker/kanidm/certs/ca.pem
```
Put that secret into the .env file.
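A small check for the `.env` written in this step, as an added example that is not part of this repository: it compares `.env` against `.env.example`, flags secret keys that are still empty or still equal to the example's placeholder, and confirms `.env` is listed in `.gitignore` so the client secret is not committed. The key names in the sample data (`OIDC_CLIENT_ID`, `OIDC_CLIENT_SECRET`, `DJANGO_DEBUG`) are assumptions; the repository's real `.env.example` may use different names.

```python
"""Check the .env produced by the setup steps (added example, not repo code).

Compares .env with .env.example, reports secret keys that are empty or still
hold the example's placeholder, and verifies .env is ignored by git.
Key names in the constructed samples below are assumptions.
"""
from __future__ import annotations

from fnmatch import fnmatch
from pathlib import Path


def parse_env(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines; blank lines, comments and 'export ' prefixes are skipped."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        value = value.strip()
        # Drop one layer of matching quotes around the value.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def env_is_ignored(gitignore_text: str, name: str = ".env") -> bool:
    """True if the last matching .gitignore pattern ignores `name` ('!' un-ignores)."""
    ignored = False
    for raw in gitignore_text.splitlines():
        pattern = raw.strip()
        if not pattern or pattern.startswith("#"):
            continue
        negate = pattern.startswith("!")
        pattern = pattern.lstrip("!").lstrip("/")
        if fnmatch(name, pattern):
            ignored = not negate
    return ignored


def check_env(example_text: str, env_text: str, gitignore_text: str,
              secret_keys: set[str]) -> dict:
    """Return keys missing from .env, secret keys still unset, and git-ignore status."""
    example = parse_env(example_text)
    actual = parse_env(env_text)
    missing = sorted(k for k in example if k not in actual)
    placeholder = sorted(
        k for k in secret_keys
        if k in actual and (actual[k] == "" or actual[k] == example.get(k))
    )
    return {"missing": missing, "placeholder": placeholder,
            "env_ignored": env_is_ignored(gitignore_text)}


# Constructed sample files; the repository's real .env.example may differ.
SAMPLE_EXAMPLE = """# copy to .env and fill in the secret
DJANGO_DEBUG=1
OIDC_CLIENT_ID=mc-admin
OIDC_CLIENT_SECRET=
"""
SAMPLE_ENV_FILLED = """DJANGO_DEBUG=1
OIDC_CLIENT_ID=mc-admin
OIDC_CLIENT_SECRET="constructed-secret-value"
"""
SAMPLE_GITIGNORE = ".env\n__pycache__/\n"
SECRET_KEYS = {"OIDC_CLIENT_SECRET"}


def check_repo(root: Path = Path(".")) -> dict:
    """Run the check on a real checkout; files that don't exist read as empty."""
    def read(name: str) -> str:
        path = root / name
        return path.read_text() if path.exists() else ""
    return check_env(read(".env.example"), read(".env"), read(".gitignore"), SECRET_KEYS)


if __name__ == "__main__":
    result = check_repo()
    for key in result["missing"]:
        print(f"missing from .env: {key}")
    for key in result["placeholder"]:
        print(f"secret still unset or equal to .env.example: {key}")
    if not result["env_ignored"]:
        print("warning: .env is not ignored by git")
```

Run it from the checkout root after editing `.env`; a clean run prints nothing. Treating "equal to the example value" as unset catches the common mistake of copying `.env.example` and forgetting to paste the secret in.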
Now, set up your personal account with credentials:

```sh
kanidm person credential create-reset-token $USERNAME --instance local -C ./docker/kanidm/certs/ca.pem
```