Setting up external Auth

croit supports a couple of different login solutions, which makes it easier to integrate into your existing environment.

All of them are set up inside the croit container, so you will have to edit /config/config.yml.

docker exec -it croit vi /config/config.yml

Once you're done with your changes to the config file, restart the container.

docker restart croit

LDAP / AD

For LDAP the relevant part of the config file looks like this:

# /config/config.yml
ldap:
  # URL of your LDAP server
  url: ldap://ad.example.com
  # enable AD-specific query functionality for improved performance and support for nested groups
  isActiveDirectory: no
  # whether to use TLS, default is yes
  tls: yes
  # whether to validate certificates, default is yes
  verifyCertificateChain: yes
  # how to handle referrals: IGNORE or FOLLOW
  referrals: IGNORE

  # croit binds to this DN to look up users and group members
  bindDN: CN=croit-service-user,OU=service,OU=accounts,OU=example,DC=ad,DC=example,DC=com
  bindPassword: secretPassword

  # base for user lookups on login
  base: OU=users,OU=accounts,OU=example,DC=ad,DC=example,DC=com

  # name of the attribute used to search for users and the class name for users
  # defaults are sAMAccountName/user
  # the resulting ldap query looks like this: (&($uidAttributeName=$username)(objectClass=$userClassName))
  uidAttributeName: sAMAccountName
  userClassName: user

  # name of the attribute for the group(s) a user belongs to
  memberOfAttributeName: memberOf

  # the full distinguished names of groups that are mapped to admin/viewer roles
  adminGroupDN: CN=ceph_admins,OU=groups,OU=example,DC=ad,DC=example,DC=com
  viewGroupDN: CN=ceph_viewers,OU=groups,OU=example,DC=ad,DC=example,DC=com
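
Before restarting the container, the lookup these values describe can be repeated by hand against the directory. The following is an added example, not croit's own code: it fills in the query template from the config comment with RFC 4515 escaping and builds the matching OpenLDAP `ldapsearch` command line. The names `CFG`, `user_filter`, `ldapsearch_argv` and `role_for`, the login `jdoe`, the StartTLS reading of `tls: yes` and the role mapping in `role_for` are assumptions.

```python
import shlex

# Constructed sample: values copied from the ldap: section above.
CFG = {
    "url": "ldap://ad.example.com", "tls": True,
    "bindDN": "CN=croit-service-user,OU=service,OU=accounts,OU=example,DC=ad,DC=example,DC=com",
    "base": "OU=users,OU=accounts,OU=example,DC=ad,DC=example,DC=com",
    "uidAttributeName": "sAMAccountName", "userClassName": "user",
    "memberOfAttributeName": "memberOf",
    "adminGroupDN": "CN=ceph_admins,OU=groups,OU=example,DC=ad,DC=example,DC=com",
    "viewGroupDN": "CN=ceph_viewers,OU=groups,OU=example,DC=ad,DC=example,DC=com",
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(cfg, username):
    """Fill in the query template from the config comment."""
    return "(&(%s=%s)(objectClass=%s))" % (
        cfg["uidAttributeName"], escape_filter_value(username), cfg["userClassName"])

def ldapsearch_argv(cfg, username):
    """OpenLDAP ldapsearch arguments that repeat the user lookup by hand."""
    argv = ["ldapsearch", "-x", "-H", cfg["url"]]
    if cfg["tls"] and cfg["url"].startswith("ldap://"):
        argv.append("-ZZ")  # assumption: tls on an ldap:// URL means StartTLS
    # -W prompts for bindPassword so it never lands in shell history
    argv += ["-D", cfg["bindDN"], "-W", "-b", cfg["base"],
             user_filter(cfg, username), cfg["memberOfAttributeName"]]
    return argv

def role_for(cfg, member_of):
    """Hypothetical mapping: direct memberships only, admin checked first."""
    groups = {dn.lower() for dn in member_of}
    if cfg["adminGroupDN"].lower() in groups:
        return "admin"
    if cfg["viewGroupDN"].lower() in groups:
        return "viewer"
    return None

if __name__ == "__main__":
    print(shlex.join(ldapsearch_argv(CFG, "jdoe")))  # "jdoe" is a made-up login
```

If the printed command fails on the bind or the TLS handshake, or returns no `memberOf` values for a known user, the same settings will not work inside the container either.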

Okta

For Okta you will need to add this to the config:

# /config/config.yml
oktaOAuth:
  baseUrl: https://dev-XXXXXX.oktapreview.com
  issuer: https://dev-XXXXXX.oktapreview.com/oauth2/default
  clientId: ABC123ABC123ABC123
  audience: "" # defaults to 'api://default'
  mapRoles:
    admin: croit-admin
    viewer: croit-viewer

All of this should be self-explanatory, but if you have any questions or would like to request another SSO solution, don't hesitate to contact us!